Cybersecurity specialists report that Prestige Software has accidentally exposed the records of millions of users of platforms such as Hotels.com, Booking.com and Expedia, whose data is stored in an open cloud.
Cloud Hospitality, the committed platform, is responsible for automating the Internet-based booking processes of Prestige Software partner companies.
Previous reports had already pointed to the reduced security with which the Spanish-based company operates, which uses Amazon Web Services (AWS) infrastructure to carry out its activities. This is a serious incident due to the nature of the information operated by the accommodation service companies.
The world’s leading online hotel services are subject to massive hacking incidents and high-profile attacks to steal sensitive information. The compromised databases appear to contain full names, addresses, credit card information, national identification numbers, and other sensitive details.
The report, prepared by Website Planet, mentions that the logs were discovered after the detection of various AWS deployment failures, which could have affected up to 10 million users. This database, equivalent to about 25 GB, was exposed to any user who knows how to find it: “The database can be hacked by any malicious user with minimal knowledge of cloud storage,” the researchers note.
At the moment it is impossible to know exactly how many users have been affected by this incident, and it is also unknown whether the threat actors who have accessed this information used exploiting security vulnerabilities in Prestige Software systems. However, specialists mention that once users of these platforms record their personal data, this information is automatically uploaded to the Cloud Hospitality subscription to the AWS bucket, which could mean that the information of all users on this platform could have been compromised.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.