Expedia, Booking, Hotels and more: the data of millions of customers exposed by the booking platform provider

Source: HW Upgrade added 09th Nov 2020

The provider of the booking platform to which all the main travel and accommodation sites are targeting has left millions of data accessible on an Amazon Web Services cloud storage

of Andrea Bai published on , at 10: 31 in the web channel

Here comes a new tile for the hospitality sector, in addition to the scourge of the pandemic COVID – 19 which has already brought millions of structures around the world to their knees. And the new tile concerns a security problem: Prestige Software, the Spanish company author of reality hotel booking platforms such as Expedia, Hotels and Booking , exposed the data of millions of users on a cloud storage space of Amazon Web Services .

Exposed millions of customer data from Hotels, Expedia, Booking

It is more than 10 millions of log files dating back to 2013, for a total of 24, 4 gigabytes of data which contain full names, email addresses, document numbers, hotel customer phone numbers, credit card numbers (and details such as deadlines and CVV numbers), booking details (price, duration, number and names of guests).



An example of the data left exposed – Source: Website Planet

Website Planet reports that the breach was closed one day after reporting to AWS. Prestige has confirmed that she owns that data. It goes without saying that exposure of this type of data – if it gets into the wrong hands – could lead to a variety of security incidents such as credit card fraud, identity theft and phishing attacks. It is currently unclear what the number of people potentially affected by the problem is.

Did the data end up in bad hands? No one knows

In addition to the aforementioned Expedia, Hotels and Booking, also other realities in the world of travel such as Amadeus, Agoda and Omnibees are involved, and along with them many others not specified. What is unclear, however, is how long the data remained accessible and whether anyone was able to get hold of it and copy it somewhere else.

This episode shows however what may be the risks of reliance on third party suppliers for a service that is essential for the type of business that takes place. As we often emphasize when we talk about these topics, security is a process that is all the stronger the more robust its weakest link is: it is clear, therefore, that a vulnerability of a supplier can compromise all the realities that address him.