[ad_1]
A Spanish company that works with some of the largest sites that can book accommodation has exposed customer data from these sites, including all card details used for online payment.
Website Planet’s online security experts discovered an AWS S3 server left unprotected due to a configuration error by Prestige Software. Whoever discovered the server was able to access the databases without the need to login.
Prestige Software is developing a platform to automate the room listing process, called Cloud Hospitality, used by many hotels and travel portals.
READ ALSO Customer benefit 8,087 euros including VAT for Sprinter 314 CDI Van, 11 m3, with front-wheel drive. Go to success!
Interested are Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees and Saber, among others. The exact number of users whose data was exposed is unknown, but more than 10 million files were found on insecure servers, totaling over 24GB.
These files contain the data of those who use the sites mentioned since 2013.
In addition to personal data, hotels, rooms and periods booked, the insecure database also showed the credit card data, with the number, expiration and CVV code, i.e. all the data necessary to make online payments.
Whether unauthorized persons accessed unprotected databases before being discovered by Website Planet is still a mystery.
Source link
