A software company that supports some of the biggest travel sites on the internet left user data exposed, affecting over 10 million guests…
Prestige Software, the company powering hotel reservation platforms for Hotels.com, Booking.com, and Expedia, has committed a serious privacy error. The company left the personal information of over 10 million users exposed on an Amazon Web Services S3 bucket. The sensitive data, exposed on the open web, was up for an unknown amount of time. What’s more, it isn’t yet known if any of said exposed data was compromised.
Hotels.com Exposes Personal Data of 10+ Million Users
The exposed personal data included names, credit card details, ID numbers, and reservation details. That’s enough information to commit a number of crimes, including identity theft, fraud, along with several other schemes. (At the very least, it could have allowed perpetrators to hijack reservations and steal someone else’s vacation.) The good news is that the hole was closed just a day after AWS was told about the exposure.
The incident, which is far from uncommon, serves as a stark reminder of just how much sensitive personal data is out on the web and how many sites have access to millions of consumers’ information. It also demonstrates that strategic digital alliances between large companies can have very dangerous and unintended consequences.