Personal data exposed by booking software glitch

You are here:

Personal data exposed by booking software glitch

Customers of Hotels.com, Booking.com, Expedia and other major booking sites have reportedly had their personal data exposed.

Security experts at Website Planet outlined in a report how data from millions of hotel guests globally was exposed via third-party service Prestige Software which provides automated booking solutions to major travel brands.

It said data was exposed possibly dating back to 2013.

Website Planet says Prestige’s Amazon Web Services (AWS) cloud storage service was misconfigured, which led to data of more than 10 million customers becoming visible and potentially exposed to unauthorised persons.

The individual log files contained personally identifiable information such as names, email addresses, and phone numbers of hotel guests, as well as full cardholder information including number and CVV.

Link to article