The 4 best alternatives to The knot to see also on HBO

A Spanish company has exposed 24GB of personal data of millions of Booking, Expedia and other booking portals

Prestige Software, a Spanish company (with offices in Madrid and Barcelona) that offers a platform for hotels, called Cloud Hospitality, that automates the availability of your reservations on portals such as, Expedia, Amadeus or, has just been identified as guilty of a serious data breach that affects customers all over the world.

Researchers at WebSite Planet discovered the existence of an AWS bucket that, due to misconfiguration, allowed public access to 34.6 GB of datas that it contained without requiring any security authentication.

Prestige Software

Capture of the website of the Spanish company involved.

And among those data were more than 10 million hotel reservation records created during the last 7 years.

Millions of potential victims of the data breach

These records in turn contained both personal and financial data: full names, email addresses, IDs, telephone numbers and, in many cases, also credit card information.

In the words of Mark Holden, a researcher at Website Planet:

"Millions of people have potentially been exposed by this data breach, worldwide. We cannot guarantee that someone did not access the AWS S3 bucket and steal the data before we found it.

My email and password have been leaked in the biggest security breach in history, how can I protect myself?

"[Es cierto que] So far, there is no evidence that this has happened. But if there were to be, there would be huge implications for the privacy, security and financial well-being of the people whose data was exposed. "

Indeed, these people would be exposed to malicious changes to your reservations, to phishing attacks and identity fraud.

Similarly, Prestige Software (which, according to Website Planet, acknowledged being the owner of the bucket and solved the misconfiguration the day after receiving the notice) is now exposed to lawsuits by both those affected and the European institutions, as very heavy fines for breach of GDPR.

Via | InfoSecurity Magazine

Image | William Warby & Chameleon Design