US Military Personnel Data Leaked From Unsecured Elasticsearch Database

US Government, Military, and Department of Homeland Security (DHS) data exposed from the Elasticsearch database that belongs to the reservations management system Autoclerk.

The leak exposed thousands of users and hotel guests data across the globe, the breach also impacted military security agencies.

Autoclerk is the contractor who manages the travel arrangements of the US government and military personnel, as well as independent contractors. The Autoclerk was recently acquired by Best Western Hotel & Resorts Group the biggest hotel chain in the world.

Data Exposed in Leak

Researchers from vpnMentor discovered the unsecured Elasticsearch database hosted by Amazon Web Servers in the USA and it contains over 179GB of data.

The database contains 100,000s of booking reservations for guests and travelers. Following are the personal details of users exposed

  • Full name
  • Date of birth
  • Home address
  • Phone number
  • Dates & costs of travel
  • Masked credit card details

In some hotels, even the check-in time and room number are also visible.

The travel, hospitality, and personal data were exposed, the leak exposed the personally identifying information (PII) of personnel and their travel arrangements. Our team viewed logs for US army generals traveling to Moscow, Tel Aviv, and many more destinations.

“Before adopting software or apps to manage an area of your business, make sure they are following data security best practices. If processing external data, such as a hotel guest or members of the public, you need to ensure this data is protected from hackers.”

By having personal details, attackers can extract more information, such as financial account details or sensitive passwords. Attackers may launch targeted phishing campaigns to trick victims into providing passwords, credit card details, or embed malicious software on a device.

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

Also Read

Hospitality Company OYO Exposes Millions of Customer Data

Comodo Forums Data Breach – Approximately 245,000 Users Affected


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Published by

Recent Posts

Defend Ransomware Attacks With Top Effective Proactive Measures in 2024

We're currently living in an age where digital threats loom large. Among these, ransomware has…

33 mins ago

GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability

Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…

17 hours ago

Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks

Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…

18 hours ago

Vigil: Open-source Security Scanner for LLM Models Like ChatGPT

An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…

18 hours ago

Slovenia’s Biggest Power Provider has Suffered a Cyberattack

One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…

18 hours ago

Genesis Market Technique: Hackers Exploited Node.js and EV Certificates

In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…

21 hours ago