Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
upstart writes in with an IRC submission:
Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak:
A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing.
A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The records include sensitive data, including credit-card details.
Prestige Software's "Cloud Hospitality" is used by hotels to integrate their reservation systems with online booking websites like Expedia and Booking.com.
The incident has affected 24.4 GB worth of data in total, according to the security team at Website Planet, which uncovered the bucket. Many of the records contain data for multiple hotel guests that were grouped together on a single reservation; thus, the number of people exposed is likely well over the 10 million, researchers said.
[...] A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis in September found. The study from Comparitch showed that 6 percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.
Read more of this story at SoylentNews.