Meet Ur Planet

Main Menu

  • Home
  • Plane boarding
  • Tourist guide
  • Hotel accommodation
  • Travel booking
  • Vacation rentals

Meet Ur Planet

Header Banner

Meet Ur Planet

  • Home
  • Plane boarding
  • Tourist guide
  • Hotel accommodation
  • Travel booking
  • Vacation rentals
Travel booking
Home›Travel booking›Travel booking giant leaks 1TB of data, including customer credit cards

Travel booking giant leaks 1TB of data, including customer credit cards

By Meg P. Sousa
November 23, 2019
0
0


Another major data breach has been discovered by security researchers. This time around, a misconfigured server dumped more than a terabyte of data on business and leisure travelers – and that data included their payment card details.

no


Getty

Two weeks ago, a vpnMentor team led by Noam Rotem and Ran Locar stumbled upon the exposed database. They immediately started browsing its contents to find out who owned the server.

The answer: Gekko Group, based in France, a subsidiary of AccorHotels, which presents itself as the leading European hotel reservation platform. Comprised of several brands, Gekko Group is connected to 14,000 travel agents and 600,000 hotels around the world.

VpnMentor researchers found a number of files on the exposed server related to two Gekko brands: Infinite Hotel, which handles wholesale hotel reservations, and Teldar Travel, a full-service B2B travel platform. who handles everything from accommodation to car rentals and excursions.

There was a lot of data exposed: customer names, e-mail addresses, physical addresses, travel dates and destinations. Even more alarmingly, vpnMentor has also discovered unencrypted payment card details and usernames and passwords (also unencrypted) used by customers of the Gekko group to access its booking platforms.

vpnMentor notes in its report that the data could have allowed someone to accumulate fraudulent charges on business and personal credit cards. That may not have happened in the past two weeks, but the database could have been exposed long before vpnMentor researchers found out.

More sophisticated attackers may have used the exposed information in spear phishing attacks, targeting travel agents with malware or business email compromise (BEC) scams.

Regardless of when the misconfiguration occurred, vpnMentor said that “this represents a serious gap in the data security protocols of the Gekko Group and its subsidiaries”, adding that there are “serious implications for the many people involved “.

This doesn’t just mean travelers, who may need to cancel credit cards and sign up for credit monitoring or identity protection services afterwards.

Although the leak was sealed less than a week after vpnMentor’s initial notification, the story is far from over for the Gekko Group. French data and privacy regulation authority, the National Commission for Informatics and Freedoms will want answers. Investors too.

AccorHotels made the following statement: “On November 13, Teldar & H-Corpo, two companies directly owned by Gekko Holding, were informed of a security incident involving one of their servers which store log files.

At this stage of the investigations, there is no indication that this vulnerability has been exploited for fraudulent or malicious purposes.

The security breach was immediately fixed on November 13. Since then, two vulnerability detection tools have been integrated into Gekko’s IT systems security processes to ensure that an incident of this nature does not recur in the future.


Related posts:

  1. Ability to Cancel or Change Travel Booking Not Negotiable for South Africans, Investigation Finds
  2. Similar travel booking websites could cost consumers dearly
  3. Ixigo Travel Booking App to Undertake Makemytrip with Rs 1,600 Crore Ipo
  4. Luxury travel booking site Virtuoso removes all Trump hotels from listings, sign of further erosion of the Trump brand

Categories

  • Hotel accommodation
  • Plane boarding
  • Tourist guide
  • Travel booking
  • Vacation rentals

Recent Posts

  • Ice Poseidon explains his side of the infamous plane crash that led to Twitch’s ban
  • Beware of Claims of Financial Inclusion Amid Cryptocurrency
  • Why the middle seat passenger should have both armrests on the plane
  • Flip-flops and other clothing items that could get you banned from flying
  • Virginia Court Approved $489 Million in Aid for Victims of Illegal Internet Payday Loans

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • March 2018
  • February 2018
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • January 2017
  • December 2016
  • September 2016
  • April 2016
  • March 2016
  • February 2016
  • November 2015
  • October 2015
  • August 2015
  • July 2015
  • June 2015
  • April 2015
  • June 2014
  • April 2014
  • March 2014
  • August 2013
  • July 2013
  • April 2013
  • September 2012
  • March 2012
  • February 2011
  • June 2009
  • Privacy Policy
  • Terms and Conditions