Monday, April 29, 2024
Search
-Advertisement-
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics
Reimagining Public Sector Analytics data-lazy-src=
HomeNewsCyber SecurityPrestige Software data breach exposes sensitive data from millions of hotel guests worldwide
Cyber Security

Prestige Software data breach exposes sensitive data from millions of hotel guests worldwide

Tech Observer Desk
By Tech Observer Desk
Updated On
Follow Tech Observer on Google News
Prestige Software was storing years of credit card data from hotel guests and travel agents without any protection on a misconfigured Amazon Web Services (AWS) S3 bucket.
(File: Representative Image)
Google News

Exclusive

A hotel reservation platform of Spain based firm which is used by some of the world's largest online booking websites has been exposing highly sensitive data from millions of hotel guests worldwide, dating as far back as 2013 and including credit card details for 100,000s of people, claimed a security team at .

Prestige Software sells a channel management platform called Cloud Hospitality to hotels that automate their availability on online booking websites like Expedia and Booking.com

According to Website Planet which deals in online reviews, the Prestige Software was storing years of credit card data from hotel guests and agents without any protection on a misconfigured Amazon Web Services (AWS) S3 bucket. As a result, a massive amount of data was exposed — over 10 million individual log files in total, dating back to 2013.

The company claimed that each of these records exposed sensitive and valuable Personally Identifiable Information (PII) data belonging to the individuals making the reservations. However, it's difficult to say how many people were affected, due to the amount of data exposed.

The S3 bucket was still live and in use, with new records being uploaded within a few hours of our investigation, said the company.

The company claimed that the S3 bucket contained data that appeared to originate from many well-known sources listed as Cloud Hospitality's customers, including, but not limited to Agoda, Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees and Sabre, among others.

The security team said that they did not review all the files exposed in the S3 bucket, adding that every website and booking platform connected to Cloud Hospitality was probably affected.

The company said that they investigated several companies potentially responsible for the . However, considering the size of the data exposed and its sensitivity, they decided to contact AWS directly so it could resolve the issue quickly and ensure the breach was closed. The S3 bucket was secured the following day.

ALSO READ

Get the day's headlines from Tech Observer straight in your inbox

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
Tech Observer Desk
Tech Observer Desk
Tech Observer Desk at TechObserver.in is a team of technology reporters led by a senior editor who brings latest updates and developments from the world of technology.
- Advertisement -
EmpowerFest 2024
EmpowerFest 2024
EmpowerFest 2024
EmpowerFest 2024
- Advertisement -EmpowerFest 2024
- Advertisement -Education Sabha
- Advertisement -Veeam
- Advertisement -Reimagining Public Sector Analytics
- Advertisement -ESDS SAP Hana

Podcast

Subscribe to our Newsletter

83000+ Industry Leaders read it everyday

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -

Latest in TECH

Sushil Verma -

How can focusing on human behaviour build a stronger cyber risk-aware culture

A risk-aware culture is critical to the development of a strong cybersecurity environment. We should build a risk culture among management and stakeholders as an added benefit or reward rather than a burden on the firm's personnel.

RELATED ARTICLES