TravelMole
Breaking

Ten million customers' personal data exposed by booking software glitch

Tuesday, 10 November 20203 min read
Ten million customers' personal data exposed by booking software glitch

Customers of Hotels.com, Booking.com, Expedia and other major booking sites have reportedly had their personal data exposed.

Security experts at Website Planet say data from millions of hotel guests globally were exposed via third-party service Prestige Software which provides automated booking solutions to major travel brands.

It said data was exposed possibly dating back to 2013.

Website Planet says Prestige’s Amazon Web Services (AWS) cloud storage service was misconfigured, which led to data of more than 10 million customers becoming visible and potentially exposed to unauthorised persons.

The individual log files contained personally identifiable information such as names, email addresses, and phone numbers of hotel guests, as well as full cardholder information including number and CVV.

"Cybercriminals could use the exposed PII data and credit card information to commit credit card fraud and steal from people compromised in the breach," the Website Planet report said.

They reported it to AWS and it was fixed within a day.

Website Planet said it couldn’t ascertain if data was accessed by cybercriminals.

"So far, there is no evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed," said researcher Mark Holden.

Written by Ray Montgomery, US Editor