Latest in Gear

Image credit: Matthew Ashton - AMA/Getty Images

Hotels.com, Expedia provider exposed data for millions of guests

It opened the door to theft and fraud.
Jon Fingas,
November 8, 2020
521 Shares
Share
Tweet
Share

Sponsored Links

LONDON, ENGLAND - OCTOBER 18: Coronavirus / COVID-19 information is advised to cobserve social distancing guidelines on a big LED screen alongside Hotels.com branding ahead of the Premier League match between Tottenham Hotspur and West Ham United at Tottenham Hotspur Stadium on October 18, 2020 in London, United Kingdom. Sporting stadiums around the UK remain under strict restrictions due to the Coronavirus Pandemic as Government social distancing laws prohibit fans inside venues resulting in games being played behind closed doors. (Photo by Matthew Ashton - AMA/Getty Images)
Matthew Ashton - AMA/Getty Images

The now has a potentially serious security headache on its hands alongside the pandemic. Website Planet that Prestige Software, the channel manager that links hotel reservations to sites like Hotels.com, Booking.com and Expedia, left data exposed for “millions” of guests on an Amazon Web Services S3 bucket. The 10 million-plus log files dated as far back as 2013 and included names, credit card details, ID numbers and reservation details.

It’s not certain how long the data was left open, or if anyone took the data. Website Planet said the hole was closed a day after telling AWS about the exposure. Prestige confirmed that it owned the data.

The damage could be severe if crooks found the data. WP warned that it could lead to all too common risks with hotel data exposures like credit card fraud, identity theft and phishing scams. Perpetrators could even hijack a reservation to steal someone else’s vacation.

The practical impact could be limited when few people are traveling during the pandemic. However, this does illustrate the dangers of a heavy reliance on third-party providers for platforms. The security is only as strong as the weakest link in the chain, and a vulnerability at one company risks compromising all of them.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
521 Shares
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
How to buy a PlayStation 5 on November 12th

How to buy a PlayStation 5 on November 12th

View
The PS5 will only be sold online on launch day

The PS5 will only be sold online on launch day

View
macOS Big Sur is out now

macOS Big Sur is out now

View
The guy who built his own smartwatch is back with a pair of  GPS smart glasses

The guy who built his own smartwatch is back with a pair of GPS smart glasses

View

From around the web

Page 1 Page 1 ear icon eye icon Fill 23 text file vr