Credit Card Data From Top Booking Sites Leaked in Major Data Breach
Nov. 9, 2020In what might be one of the most expansivedata breachesin recent memory,private customer-data of several popular websites, including Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and more, are believed to have been leakedby a Spanish software firm called Prestige Software, which operates a channel management platform called Cloud Hospitality that automates room availability on top booking sites.
The S3 bucket reportedly contained more than 10 million (1 crore) files weighing more than 2.44GB. The exposed data not only included the full names, email IDs and phone numbers of hotel guests, but alsocredit card numbers with CVV and expiration dates, potentially allowing anybody to make unauthorized transactions. The researchers say that they haven’t analyzed all exposed files, but“every website and booking platform connected to Cloud Hospitality was probably affected”.
As per the report, the exposed data belongs to people from around the world, including citizens of EU nations, which might invite hefty penalties from the local regulators based on GDPR regulations. It’s not immediately clear as to whether the database was accessed by third-parties with malicious intent, but given that cybercriminals have been scanning for exposed databases, it won’t be a major surprise if some of it has already found its way todark webmarketplaces.
Passionate techie. Professional tech writer. Proud geek.
