News and Updates on Information Technology

Spain – Prestige Software

Exploit: Misconfiguration
Prestige Software: Travel Industry Software Developer 

Risk to Small Business: 1.613 = Severe

International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include, Expedia, Agoda, Amadeus,, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents and hotel customers was also stored in this database without any security measures.

Individual Risk: 1.624 = Severe

Travelers from as far back as 2013 who have used, Expedia, Agoda, Amadeus,, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation number, date and duration of stay, credit card numbers including owner’s name, CVV code, and card expiration date. 

Customers Impacted: Unknown, 10 million files were exposed

How it Could Affect Your Customers’ Business: This egregious data handling and security error isn’t just a PR disaster – it’s also going to cost a pretty penny in fines and penalties once regulators get finished, including an anticipated large GDPR bill.