Travel booking giant leaks 1TB of data, including customer credit cards
Another major data breach has been discovered by security researchers. This time around, a misconfigured server dumped more than a terabyte of data on business and leisure travelers – and that data included their payment card details.
Two weeks ago, a vpnMentor team led by Noam Rotem and Ran Locar stumbled upon the exposed database. They immediately started browsing its contents to find out who owned the server.
The answer: Gekko Group, based in France, a subsidiary of AccorHotels, which presents itself as the leading European hotel reservation platform. Comprised of several brands, Gekko Group is connected to 14,000 travel agents and 600,000 hotels around the world.
vpnMentor researchers found a number of files on the exposed server related to two Gekko brands: Infinite Hotel, which handles wholesale hotel reservations, and Teldar Travel, a full-service B2B travel platform that handles everything from accommodation to car rentals and excursions.
There was a lot of data exposed: customer names, e-mail addresses, physical addresses, travel dates and destinations. Even more alarmingly, vpnMentor also discovered unencrypted payment card details, as well as usernames and passwords (also unencrypted) used by customers of the Gekko Group to access its booking platforms.
vpnMentor notes in its report that the data could have allowed someone to accumulate fraudulent charges on business and personal credit cards. That may not have happened in the past two weeks, but the database could have been exposed long before vpnMentor researchers found it.
More sophisticated attackers may have used the exposed information in spear phishing attacks, targeting travel agents with malware or business email compromise (BEC) scams.
Regardless of when the misconfiguration occurred, vpnMentor said that “this represents a serious gap in the data security protocols of the Gekko Group and its subsidiaries”, adding that there are “serious implications for the many people involved”.
This doesn’t just mean travelers, who may need to cancel credit cards and sign up for credit monitoring or identity protection services afterwards.
Although the leak was sealed less than a week after vpnMentor’s initial notification, the story is far from over for the Gekko Group. The French data and privacy regulation authority, the National Commission for Informatics and Freedoms, will want answers. Investors too.
AccorHotels made the following statement: “On November 13, Teldar & H-Corpo, two companies directly owned by Gekko Holding, were informed of a security incident involving one of their servers which store log files.
At this stage of the investigations, there is no indication that this vulnerability has been exploited for fraudulent or malicious purposes.
The security breach was immediately fixed on November 13. Since then, two vulnerability detection tools have been integrated into Gekko’s IT systems security processes to ensure that an incident of this nature does not recur in the future.