Platform Used by Expedia, Hotels.com Etc. Exposed Data for Millions of Customers
Prestige Software, the channel manager that links hotel reservations to sites like Hotels.com, Booking.com and Expedia, might have exposed data for “millions” of guests. The more than 10 million exposed log files dated as far back as 2013 and included names, credit card details, ID numbers and reservation details.
It’s not certain how long the data was exposed, or whether anyone actually took advantage of this security flaw. The company was storing years of credit card data from hotel guests and travel agents on Amazon Web Services without any protection in place, putting millions of people at risk of fraud and online attacks. Website Planet said the hole was closed a day after it told AWS about the exposure.
“Millions of people were potentially exposed in the data breach, from all over the world. We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it,” said researcher Mark Holden. “So far, there is no evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed.”
“If you’re a customer of any of the websites listed in this report and are concerned about how this leak might impact you, contact the company directly to determine what steps it’s taking to protect your data,” Website Planet said.
Prestige Software doesn’t list its clients on its website. However, the S3 bucket contained data that appeared to originate from many well-known sources listed as Cloud Hospitality’s customers, including, but not limited to:
- and many others