Exploit: Misconfiguration
Prestige Software: Travel Industry Software Developer
Risk to Small Business: 1.613 = Severe
International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents and hotel customers was also stored in this database without any security measures.
Individual Risk: 1.624 = Severe
Travelers from as far back as 2013 who have used Booking.com, Expedia, Agoda, Amadeus, Hotels.com, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation number, date and duration of stay, credit card numbers including owner’s name, CVV code, and card expiration date.
Customers Impacted: Unknown, 10 million files were exposed
How it Could Affect Your Customers’ Business: This egregious data handling and security error isn’t just a PR disaster – it’s also going to cost a pretty penny in fines and penalties once regulators get finished, including an anticipated large GDPR bill.
Source:
https://www.hackread.com/hotel-reservation-platform-data-leak-online-booking-sites