Prestige Software, a Barcelona and Madrid based reservation booking company, has exposed its database, containing over 10 million user records. This was reported by Website Planet, who claims to have seen an AWS S3 without any authentication. It’s unknown how long the database was exposed and who might have accessed it.

Experts and cybersecurity agencies often warn about unprotected databases, which are left exposed on the internet and letting threat actors breach it. While we’ve seen instances of MongoDB and ElasticSearch extensively, the latest alert by the FBI about SonarQube instances is also a notable issue. Joining this group now is Amazon’s AWS bucket.

Companies that host their data on AWS have a fair advantage but are often reported to be making common mistakes like leaving in default passwords or not setting anything at all!

Such misconfigurations can let attackers access it and exfiltrate in some cases, using it for other exploitations. One such company is Prestige Software, an online hospitality firm managing the online reservations of hotels.

As Website Planet reported, Prestige Software has exposed its database on the AWS S3 bucket and secured it after being notified. It said the whole database was worth 24.4 GB, containing more than 10 million exposed files. This affects hotel reservation companies like Agoda, Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre, etc.

Researchers reported that the exposed database contained PII of millions of users, in the format of Full names, email addresses, national ID numbers, and phone numbers of hotel guests. Further, there’s also the sensitive credit card data like card number, cardholder’s name, CVV, expiration date, and payment details for hotel reservations.

The trove is updated with thousands of records while being exposed; as Website Planet said, over 180,000 records from August 2020 were seen. As such, exposures can give rise to identify theft, impersonation, and common phishing attacks for further exploitation.

Source: https://techdator.net/online-reservation-booking-software-exposed-10-million-user-records/

Hotels.com, Booking.com, Expedia Group, User, Amazon Web Services

World news – CA – Online Reservation Booking Software Exposed 10 Million User Records

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here