A New Data Breach Could Have Affected Over 10 Million Hotel Clients Around the World

A popular hotel booking service has exposed the data of over 10 million hotel guests that visited locations all over the globe.

The incident was caused by a poorly configured AWS bucket. According to a report by security experts working with Website Planet who discovered the leaky Amazon server bucket, a whopping 24 gigabytes of data were affected. A lot of the records include the information of multiple guests who were sharing the same reservation, so the number of affected individuals is even higher than the total number of booking records.

Astonishingly, Web Planet reports that the records, which stretch back to 2013, contained years worth of credit card information, kept on the server "without any protection in place". To give a better idea of the scope and the huge number of people that could be affected by the incident, Web Planet stated that there were 180,000 database records from just August 2020, in a year when bookings are near an all-time low due to the Covid-19 pandemic.

The information contained in the leaky database goes well beyond credit card records and also includes customer names, e-mails, ID numbers according to country of origin and respective personal ID documents and phone numbers. The credit card information in the unsecured database includes the holder name, card number and CVV - essentially every single detail you need to use that card and pay for anything online.

Credit cards and personal information were exposed

The leaky database also contained data from a number of different popular booking portals, including Booking dot com, Hotels dot com and Expedia, among others. Chances are that every single booking and reservation service that uses Cloud Hospitality's services is affected. However, Website Planet made it clear that the individual sites using the shared cloud service are not to blame for the data exposure.

There is no evidence that someone has accessed the data before Web Planet discovered the poorly configured database, but if that was indeed the case, the security experts said there would be "enormous implications" for those affected.

The faulty database has been taken down immediately after Web Planet contacted Amazon Web Services directly to inform them about it.

By Zaib
November 12, 2020
Computer Security
English
November 12, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Nedbank Reports a Data Breach That Could Have Affected 1.7 Million Clients

In early February, IT experts working for Nedbank, one of South Africa's 'big four' commercial banks, learned that some of their customers might have been affected by a data breach. Within a week, they had thoroughly... Read more

February 21, 2020
Computer Security

2.8 Million Eatigo and 1.1 Million RedMart Accounts Exposed Following Data Breach

Another couple of massive data breaches took place over the last few days. The breaches affected restaurant reservation platform Eatigo and online supermarkets RedMart. A combined total of nearly 4 million accounts... Read more

November 4, 2020
How To

How to Check If You Were Affected by Koodo Data Breach

If you aren't aware of Koodo Mobile, it's a Canadian mobile flanker brand, which was launched by Telus back in 2008, recently announced that client data was breached and is apparently being sold on the Dark Web. Koodo... Read more

July 14, 2020
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.