- Cybernews discovers a massive leak from Spanish and Austrian hotel platforms
- Attacker stole data through compromised accounts and exposed 6.5 GB on an open server
- Nearly 5 million users affected, with names, emails, phone numbers, birth details and IDs collected.
Millions of records containing personally identifiable data were exposed on the Internet when a cybercriminal who stole them left them on an open server, without a password or any other means of protection.
The server was found by security researchers from Cybernews, who described their findings as a “massive operation” and a leak of “staggering” scale.
The data was being stolen from Spanish and Austrian hotel platforms, such as Chekin (an automated check-in service based in Spain) and Gastrodat (an Austrian hotel management software provider).
Millions are affected
The attacker reportedly compromised 527 accounts belonging to both hotels and hosts, and used them to access the reservation systems of the affected suppliers. They then used automated Python scripts to extract data from the platforms’ APIs. These scripts continuously collected reservation and guest information and sent it to the attacker’s server, probably forwarding it in real time via Telegram.
The server itself was not protected, and that is how Cybernews managed to detect it. Researchers said it contained approximately 6.5 GB of files, with a “huge trove” of personal data.
They said that in total, almost five million users were affected by this incident. By mining data from more than 170 facilities around the world, the bad actors obtained information on around 400,000 different reservations, including stay dates, reservation IDs, guest names, property addresses, and internal security flags used by accommodation platforms.
They also obtained people’s full names, phone numbers, email addresses, dates and places of birth and, in some cases, details of their identity documents.
Analyzing individual platforms, Cybernews found that the Gastrodat data contains 361,000 booking records totaling 11.6 million entries, including 4.9 million unique email addresses. Chekin’s data, on the other hand, contains 311,400 records, with 133,900 unique emails and 253,000 ID numbers.
A list of all compromised accounts, with their credentials, email addresses, and JWT tokens, was also on the server, along with identifiers linking each account to specific booking platforms.




