Security News > 2020 > November > Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket.
Many of the records contain data for multiple hotel guests that were grouped together on a single reservation; thus, the number of people exposed is likely well over the 10 million, researchers said.
"The company was storing years of credit-card data from hotel guests and travel agents without any protection in place, putting millions of people at risk of fraud and online attacks," according to the firm, in a recent notice on the issue.
The records contain a raft of information, Website Planet said, including full names, email addresses, national ID numbers and phone numbers of hotel guests; card numbers, cardholder names, CVVs and expiration dates; and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more.
As for Prestige, it's subject to General Data Protection Regulation and the Payment Card Industry Data Security Standard, known as PCI DSS. GDPR violations can result in large fines.
News URL
https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
Related news
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)