User data from hotel reservation sites was exposed (illustration).
-
Damian Dovarganes / AP / SIPA
Prestige Software has insufficiently protected the personal data of users of its Cloud Hospitality platform.
This is used by the big names in online hotel reservations to update room availability in real time.
Hundreds of thousands of customers of Expedia, Booking.com and Hotels.com are still concerned, alert
Website Planet
.
Based in Barcelona, Prestige Software has thus stored in a badly configured Amazon Web Services database the information concerning the bank cards of certain users.
This security vulnerability has existed since 2013.
Bank cards, email addresses ...
In addition to credit card data, the details and cost of reservations were potentially accessible to hackers, as were customers' full names, email addresses, phone numbers and ID numbers.
Web Planet
cybersecurity specialists,
however, indicated that there was no evidence that malicious people had accessed or used this data.
The flaw resolved
If this were the case, hackers could easily use the recovered items to commit identity theft, cyber attacks, phishing campaigns or credit card fraud.
There is also a risk of blackmail if the customers concerned had booked a hotel stay that they wanted discreet.
Experts reported their discovery to Prestige Software and the insecure content was protected the very next day.
However, more than 10 million information files representing a total of 24.4 gigabytes have remained accessible previously.
High-Tech
Windows: Discovery of a serious security vulnerability exploited by hackers
High-Tech
Data protection: Soon a tool to rate the security of digital platforms?
High-Tech
Hotel
Cybersecurity
Hacker
Personal data