Australia markets closed
  • ALL ORDS

    6,865.30
    +18.00 (+0.26%)
     
  • ASX 200

    6,634.10
    +18.80 (+0.28%)
     
  • AUD/USD

    0.7427
    -0.0013 (-0.17%)
     
  • OIL

    46.09
    +0.45 (+0.99%)
     
  • GOLD

    1,842.00
    +0.90 (+0.05%)
     
  • BTC-AUD

    25,296.51
    -53.34 (-0.21%)
     
  • CMC Crypto 200

    365.19
    -14.05 (-3.71%)
     
  • AUD/EUR

    0.6123
    +0.0001 (+0.02%)
     
  • AUD/NZD

    1.0529
    +0.0018 (+0.17%)
     
  • NZX 50

    12,631.38
    -17.53 (-0.14%)
     
  • NASDAQ

    12,528.48
    +61.35 (+0.49%)
     
  • FTSE

    6,550.23
    +59.96 (+0.92%)
     
  • Dow Jones

    30,218.26
    +248.74 (+0.83%)
     
  • DAX

    13,298.96
    +46.10 (+0.35%)
     
  • Hang Seng

    26,835.92
    +107.42 (+0.40%)
     
  • NIKKEI 225

    26,751.24
    -58.13 (-0.22%)
     

Hotels.com, Expedia provider exposed data for millions of guests

Jon Fingas
·Associate Editor
·1-min read

The hotel industry now has a potentially serious security headache on its hands alongside the pandemic. Website Planet reports that Prestige Software, the channel manager that links hotel reservations to sites like Hotels.com, Booking.com and Expedia, left data exposed for “millions” of guests on an Amazon Web Services S3 bucket. The 10 million-plus log files dated as far back as 2013 and included names, credit card details, ID numbers and reservation details.

It’s not certain how long the data was left open, or if anyone took the data. Website Planet said the hole was closed a day after telling AWS about the exposure. Prestige confirmed that it owned the data.

The damage could be severe if crooks found the data. WP warned that it could lead to all too common risks with hotel data exposures like credit card fraud, identity theft and phishing scams. Perpetrators could even hijack a reservation to steal someone else’s vacation.

The practical impact could be limited when few people are traveling during the pandemic. However, this does illustrate the dangers of a heavy reliance on third-party providers for platforms. The security is only as strong as the weakest link in the chain, and a vulnerability at one company risks compromising all of them.