US Government, Military, and Department of Homeland Security (DHS) data exposed from the Elasticsearch database that belongs to the reservations management system Autoclerk.
The leak exposed thousands of users and hotel guests data across the globe, the breach also impacted military security agencies.
Autoclerk is the contractor who manages the travel arrangements of the US government and military personnel, as well as independent contractors. The Autoclerk was recently acquired by Best Western Hotel & Resorts Group the biggest hotel chain in the world.
Researchers from vpnMentor discovered the unsecured Elasticsearch database hosted by Amazon Web Servers in the USA and it contains over 179GB of data.
The database contains 100,000s of booking reservations for guests and travelers. Following are the personal details of users exposed
In some hotels, even the check-in time and room number are also visible.
The travel, hospitality, and personal data were exposed, the leak exposed the personally identifying information (PII) of personnel and their travel arrangements. Our team viewed logs for US army generals traveling to Moscow, Tel Aviv, and many more destinations.
“Before adopting software or apps to manage an area of your business, make sure they are following data security best practices. If processing external data, such as a hotel guest or members of the public, you need to ensure this data is protected from hackers.”
By having personal details, attackers can extract more information, such as financial account details or sensitive passwords. Attackers may launch targeted phishing campaigns to trick victims into providing passwords, credit card details, or embed malicious software on a device.
You can follow us on Linkedin, Twitter, Facebook for daily Cyber Security and hacking news updates.
Hospitality Company OYO Exposes Millions of Customer Data
Comodo Forums Data Breach – Approximately 245,000 Users Affected
We're currently living in an age where digital threats loom large. Among these, ransomware has…
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…
An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…
One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…
In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…