Millions of data from Expedia and Booking customers were accessible

User data from hotel reservation sites was exposed (illustration).

-

Prestige Software has insufficiently protected the personal data of users of its Cloud Hospitality platform.

This is used by the big names in online hotel reservations to update room availability in real time.

Hundreds of thousands of customers of Expedia, Booking.com and Hotels.com are still concerned, alert

.

Based in Barcelona, ​​Prestige Software has thus stored in a badly configured Amazon Web Services database the information concerning the bank cards of certain users.

This security vulnerability has existed since 2013.

Bank cards, email addresses ...

In addition to credit card data, the details and cost of reservations were potentially accessible to hackers, as were customers' full names, email addresses, phone numbers and ID numbers.

cybersecurity specialists,

however, indicated that there was no evidence that malicious people had accessed or used this data.

The flaw resolved

If this were the case, hackers could easily use the recovered items to commit identity theft, cyber attacks, phishing campaigns or credit card fraud.

There is also a risk of blackmail if the customers concerned had booked a hotel stay that they wanted discreet.

Experts reported their discovery to Prestige Software and the insecure content was protected the very next day.

However, more than 10 million information files representing a total of 24.4 gigabytes have remained accessible previously.

High-Tech

Windows: Discovery of a serious security vulnerability exploited by hackers

High-Tech

Data protection: Soon a tool to rate the security of digital platforms?

• High-Tech

• Hotel

• Cybersecurity

• Hacker

• Personal data