A huge security vulnerability affecting a popular hotel reservation platform has been exposing sensitive information relating to hundreds of thousands of people for bookings dating back several years, it has been revealed. The security flaw concerns a misconfigured AWS S3 bucket that stores data including names, email addresses, credit card numbers and a host of other personally identifiable information.  

Spanish technology firm Prestige Software has provided hotels with access to its Cloud Hospitality management platform for a number of years now, offering a service that automates online availability across numerous booking sites. 

However, a security team at Website Planet recently discovered that over 10 million individual log files, dating back to 2013, were being stored using the solution without security protocols in place.

Based on the payment information that has been exposed in this particular leak, it appears that Prestige Software has failed to comply with the Payment Card Industry Data Security Standard. This could result in the firm having their ability to process payment information revoked.

It’s not easy to state exactly how many individuals would have had data exposed as a result of the security mishap, with some reservations likely to be for group bookings while some would have been cancelled before payment information was taken. Nevertheless, the sheer volume of data exposed identifies Cloud Hospitality as a popular solution, one that is used by some of the biggest names in the online hospitality space, including Expedia, Hotels.com and Booking.com.

As the data was unsecured, it is also not possible to tell whether sensitive information has been accessed. While there is no evidence of fraudulent activity resulting from the exposure yet, cybercriminals could choose to sit on the data before committing criminal acts.

After being notified of the vulnerability, AWS moved to secure the S3 bucket the following day. Still, any ill-gotten information could be used to attempt malicious financial transactions, phishing scams or the injection of malware tools so, as always, it’s important that online users remain vigilant against potential threats.  

Sign up to get breaking news, reviews, opinion, analysis and more, plus the hottest tech deals!

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Source: https://www.techradar.com/news/web-hosting-specialist-exposes-massive-data-flaw-in-popular-hotel-management-platform

Booking.com, Expedia Group, Hotels.com, Data breach

World news – GB – Web hosting specialist exposes massive data flaw in popular hotel management platform

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/


Please enter your comment!
Please enter your name here