Prestige Software, a Barcelona and Madrid based reservation booking company, has exposed its database, containing over 10 million user records. This was reported by Website Planet, who claims to have seen an AWS S3 without any authentication. It’s unknown how long the database was exposed and who might have accessed it.
Database Exposing Over 10 Million User Records
Experts and cybersecurity agencies often warn about unprotected databases, which are left exposed on the internet and letting threat actors breach it. While we’ve seen instances of MongoDB and ElasticSearch extensively, the latest alert by the FBI about SonarQube instances is also a notable issue. Joining this group now is Amazon’s AWS bucket.
Companies that host their data on AWS have a fair advantage but are often reported to be making common mistakes like leaving in default passwords or not setting anything at all!
Such misconfigurations can let attackers access it and exfiltrate in some cases, using it for other exploitations. One such company is Prestige Software, an online hospitality firm managing the online reservations of hotels.
As Website Planet reported, Prestige Software has exposed its database on the AWS S3 bucket and secured it after being notified. It said the whole database was worth 24.4 GB, containing more than 10 million exposed files. This affects hotel reservation companies like Agoda, Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, Sabre, etc.
Researchers reported that the exposed database contained PII of millions of users, in the format of Full names, email addresses, national ID numbers, and phone numbers of hotel guests. Further, there’s also the sensitive credit card data like card number, cardholder’s name, CVV, expiration date, and payment details for hotel reservations.
The trove is updated with thousands of records while being exposed; as Website Planet said, over 180,000 records from August 2020 were seen. As such, exposures can give rise to identify theft, impersonation, and common phishing attacks for further exploitation.
- V Shred Data of 99,000 Users Leaked Via an Open AWS Bucket
- AWS Hit By an Eight-Hour DDoS Attack
- New Phishing Attack Campaign using Amazon Web Service