- Cybernews uncovers massive leak from Spanish & Austrian hospitality platforms
- Attacker stole data via compromised accounts, exposed 6.5GB on open server
- Nearly 5 million users affected, with names, emails, phone numbers, birth details, and IDs harvested
Millions of records containing personally identifiable data were exposed on the internet when a cybercriminal who stole them left them on an open server, without a password or any other means of protection.
The server was found by security researchers from Cybernews, who described their findings as a “massive operation” and a leak of “staggering” scale.
The data was being stolen from Spanish and Austrian hospitality platforms, such as Chekin (a Spain-based automated check-in service) and Gastrodat (an Austrian hotel management software provider).
Millions are affected
The attacker apparently compromised 527 accounts belonging to both hotels and hosts, and used them to access booking systems across the affected providers. They then used automated Python scripts to pull data from the platforms’ APIs. These scripts continuously collected booking and guest information and sent it to the attacker’s server, likely forwarding it in real time via Telegram.
The server itself was not protected, which is how Cybernews managed to pick it up. The researchers said it contained roughly 6.5GB of files, with a “massive trove” of personal data.
They said that in total, almost five million users were affected by this incident. By extracting data from more than 170 facilities worldwide, the miscreants pulled info on around 400,000 separate bookings, grabbing stay dates, reservation IDs, guest names, property addresses, and internal safety flags used by accommodation platforms.
They also grabbed people’s full names, phone numbers, email addresses, dates and places of birth and, in some cases, ID document details.
Looking into individual platforms, Cybernews found that the Gastrodat data contains 361,000 booking records totaling 11.6 million entries, including 4.9 million unique email addresses. The Chekin data, on the other hand, contains 311,400 records, with 133,900 unique emails and 253,000 ID document numbers.
The list of all compromised accounts, along with their credentials, email addresses, and JWT tokens, was also on the server, together with identifiers linking each account to specific booking platforms.





