A huge security vulnerability affecting a popular hotel reservation platform has been exposing sensitive information relating to hundreds of thousands of people for bookings dating back several years, it has been revealed. The security flaw concerns a misconfigured AWS S3 bucket that stores data including names, email addresses, credit card numbers and a host of other personally identifiable information.

Spanish technology firm Prestige Software has provided hotels with access to its Cloud Hospitality management platform for a number of years now, offering a service that automates online availability across numerous booking sites.

However, a security team at Website Planet recently discovered that over 10 million individual log files, dating back to 2013, were being stored using the solution without security protocols in place.

Based on the payment information that has been exposed in this particular leak, it appears that Prestige Software has failed to comply with the Payment Card Industry Data Security Standard. This could result in the firm having their ability to process payment information revoked.

It’s not easy to state exactly how many individuals would have had data exposed as a result of the security mishap, with some reservations likely to be for group bookings while some would have been cancelled before payment information was taken. Nevertheless, the sheer volume of data exposed identifies Cloud Hospitality as a popular solution, one that is used by some of the biggest names in the online hospitality space, including Expedia, Hotels.com and Booking.com.

As the data was unsecured, it is also not possible to tell whether sensitive information has been accessed. While there is no evidence of fraudulent activity resulting from the exposure yet, cybercriminals could choose to sit on the data before committing criminal acts.

After being notified of the vulnerability, AWS moved to secure the S3 bucket the following day. Still, any ill-gotten information could be used to attempt malicious financial transactions, phishing scams or the injection of malware tools so, as always, it’s important that online users remain vigilant against potential threats.

Sign up to get breaking news, reviews, opinion, analysis and more, plus the hottest tech deals!

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Source: https://www.techradar.com/news/web-hosting-specialist-exposes-massive-data-flaw-in-popular-hotel-management-platform

Booking.com, Expedia Group, Hotels.com, Data breach

World news – GB – Web hosting specialist exposes massive data flaw in popular hotel management platform

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here