Data Breach Concept Photo: Getty Images

Platform used by Hotels.com, Expedia exposes data of ‘millions’ of guests worldwide

*Exposed information include names, credit card details, ID numbers, and reservation details

*Security researchers don’t know whether the data has already been found by a cybercriminal

Alexander Davis | ConsumerConnect

For reportedly storing files dating as far back as 2013 without any protection in place, the hotel reservation firm Prestige Software has leaked the data of millions of guests worldwide.

According to Website Planet, Prestige Software is a digital platform that enables hotels to automate their availability on booking websites such as Expedia and Booking.com, which had apparently stored files dating as far back as 2013 without any protection for the data.

Among other exposed information are names, credit card details, ID numbers, and reservation details of hotel guests.

It was gathered that in some cases, logs contained personally identifiable information for multiple members included in a single booking.

However, as of now, report says it remains unknown how long the trove of data was left unsecured or if any third parties accessed it since then.

According to security experts, if the data was found by a cybercriminal, the party could steal identities, carry out phishing scams, or even hijack a reservation.

Researcher Mark Holden said: “Millions of people were potentially exposed in the data breach, from all over the world. We can’t guarantee that somebody hasn’t already accessed the S3 bucket and stolen the data before we found it.

“So far, there is no evidence of this happening. However, if it did, there would be enormous implications for the privacy, security and financial wellbeing of those exposed.”

Website Planet said the firm quickly fixed the vulnerability after being alerted to the issue.

Holden said that due to the sheer number of hotel and travel websites involved in the breach, it’s “impossible to help anyone already exposed if somebody found the data before us.”

Clients of Prestige Software include Booking.com, Expedia, Hotels.com, and many others.

Website Planet stated: “If you’re a customer of any of the Websites listed in this report, and are concerned about how this leak might impact you, contact the company directly to determine what steps it’s taking to protect your data.”

Kindly Share This Story