Security Center Security News v
Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Hundreds of Hotels Affected by Data Breach at Hotel Booking Software Provider
tarekma7 Offline
Administrator
*******
Administrators
Posts: 19,392
Threads: 8,940
Thanks Received: 32,365 in 9,282 posts
Thanks Given: 4,308
Joined: Sep 2015
Reputation: 2,714
The EnforcerGold MemberRandomThe InfluentialThe CrownThe Researcher The WriterThe Organizer View All
#1
06-27-2018 , 12:36 AM
Quote:The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned.

The data was taken from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries —as it claims on its website.

Hacker used web app flaw to breach FastBooking's system
In emails the company sent out to affected hotels today, FastBooking revealed the breach took place on June 14, when an attacker used a vulnerability in an application hosted on its server to install a malicious tool (malware).

This tool allowed the intruder remote access to the server, which he used to exfiltrate data. The incident came to light when FastBooking employees discovered this malicious tool on its server.


Guest personal data and card details stolen
According to FastBooking, the intruder stole information such as a hotel guests' first and last names, nationality, postal addresses, email addresses, and hotel booking-related information (hotel name, check-in, and check-out details).

In some cases, but not all, the intruder also obtained payment card details were also stolen, such as the name printed on the payment card, the card's number, and its expiration date.

Not all of FastBooking's customers were impacted the same. The attacker stole just guest details from some hotels, payment card details from others, or both in other cases.

The French company has sent emails to each affected hotel with details about the number of affected guests for each entity, and what type of data the attacker stole.

Bleeping Computer has learned that FastBooking is also providing templates that each hotel can use to notify former guests of the breach, and templates to notify national data protection agencies about the leak of private guest data and their respective payment card details.

In a press release aimed at the Japanese market, FastBooking said the incident affected 380 Japanese hotels alone. It is reasonable to believe the number of impacted hotels across the world is larger than the Japanese tally, possibly going above 1,000.

Bleeping Computer has contacted FastBooking with questions about the total number of impacted hotels, the number of guests who had their private details stolen, and the number of guests who had payment card details taken from FastBooking's server.

The company said it would provide a statement about the incident, but we did not receive one before this article's deadline. Our reporting will be updated when FastBooking answers our questions.

READ THE FULL ARTICLE HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Hackers Breach University of Manchester; School Says Attackers Likely Copied Data mrtrout 0 552 06-12-2023 , 10:39 PM
Last Post: mrtrout
  TikTok denies security breach after hackers leak user data, source code tarekma7 0 1,896 09-06-2022 , 10:19 AM
Last Post: tarekma7
  Nordic Choice Hotels Turns Ransomware Attack into Success Story mrtrout 0 651 01-18-2022 , 11:18 PM
Last Post: mrtrout
  Volvo Cars discloses security breach leading to R&D data theft mrtrout 0 689 12-11-2021 , 12:25 AM
Last Post: mrtrout
  T-Mobile Customers Sueing the Company Over Data Breach mrtrout 0 646 08-23-2021 , 10:41 PM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)