Breach Brief – Booking.com, Expedia.com

Published On November 11, 2020 | By Tom Huskerson | Breach Briefs, News and Analysis

Now most people have never heard of Prestige software. But that is not the problem here. The problem is that travel sites like Expedia.com and Booking.com is using the software and their customer data was compromised. But its not their fault.

To explain what happened lets first understand the situation. According to Website Planet Spanish company Cloud Hospitality channel management software leaked the data. The software is used by hotels to automate the status of their vacancies on various booking websites. So since the platform is used to connect with the reservation websites, some of the data came from Expedia and Booking.com but the data leak is not their fault.

The data was stored on a mis-configured Amazon Web Services (AWS) S3 bucket belonging to Prestige Software, a Spain-based company that sells hotel reservation management software. So the bottom line is that one of the nerds somewhere screwed up and left the data wide open.

Now what was lost?

This is where it gets nasty. Over 10 million log files! Yes, ten million! And the information goes all the way back to 2013. The data compromised included a range of personally Identifiable Information (PII), such as guest’s full names, national ID numbers, email addresses, phone numbers, as well as details such as the reservation number, dates, number of guests and their names and the price paid. It gets worse. The S3 bucket also contained valuable financial data such as credit card numbers, the card holder’s name, credit card verification codes (CVV), and expiration date.

Hackers love this stuff. The volume and variety of the records exposed gives hackers everything they need to commit all kinds of fraud and mischief. Hotel guests and user of the travel sites are not potential victims of identity theftphishing and other social engineering attacks, and even financial fraud. But black hat hackers don’t always use the data themselves. More than likely the hacker will sell it off on the dark web in bulk.

If you use Expedia or Booking.com you’ll be hearing from them soon I’m sure. In the mean time you might want to keep an eye on your credit cards and other financial resources.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *