Data breach, millions of data from the hotel sector

Agoda, Booking.com, Expedia, Amadeus, Hotels.com, Hotelbeds, Omnibees, Saber: just list these names to understand the size of a data breach that brings together most of the customers of all these sites. All this emerges in the darkest moment for the hospitality sector around the world, but it photographs a problem that unites all these services: a common software base that may have proved vulnerable.

The severity of the data breach

The problem would be inherent in AWS servers managed without the necessary precautions by the Spanish Prestige Software, used by the major booking platforms on the market. The analysis (see the complete report) would have revealed the possibility of accessing a badly protected database, inside which 24.4 GB of data relating to millions of users would be stored.

The problem would be inherent in particular in the "Cloud Hospitality", an interchange system for managing the availability on which the booking platforms subsequently operate. Data leakage would be particularly serious for two reasons. The first is the age of the database, which starts as early as 2013. The second is the completeness of the data stored there, as it relates to (complete) personal and financial information of each of the users.

The in-depth analysis of the case will explain what the impact of the data breach may be and clearly the problem will also have legal implications relating to the specific responsibilities on the incident. It should be noted that the problem was solved directly by the AWS technicians (not directly responsible for the incident) following the report of the researchers who discovered the vulnerable database, at least putting an immediate end to the problem pending further information on any access to data in the past .