S3: Millions of hotel reservations exposed in massive data breach


In a high severity data breach totaling 10,000,000+ files, Prestige Software, a hotel reservation platform based in Spain, exposed the banking details of over a million customers. This company provides automated online booking services to customers looking to reserve hotels for their next vacation or work trip.

The customer data exposed include credit card details
The customer data exposed include credit card details
Key Facts
  1. 1

    The customer data exposed include:

    - PII data: Names, phone numbers, email IDs, and ID numbers.

    - Credit card details: Account number, CVV number, expiration date, card holder’s name, and cost of hotel reservations.

    - Reservation details: Dates of stay, number of guests, names of all guests, contact information, and more.

  2. 2

    The company, Prestige Software, was storing all their customer and reservation data on an AWS (Amazon Web Services) S3 bucket.

  3. 3

    S3, or Simple Storage System, is an object storage technology provided by AWS for the purpose of storing classified and sensitive data.

  4. 4

    Now, certain compliance and standards need to be maintained when using an S3 bucket to store data.

  5. 5

    Such regulatory compliance allows companies to store the data securely and build solid layers of security against data breaches. An important part of the same is respecting PCI DSS.


Why did this data breach occur?

Based on the scale of personal identification information data exposed, experts believe that the breach occurred due to a misconfigured AWS S3 bucket with respect to poorly maintained PCI DSS, or Payment Card Industry Data Security Standard. PCI DSS is a crucial information security standard that protects the data of branded credit card holders and allows them to make safe and secure transactions on online portals.

According to websiteplanet.com, Prestige Software was not following this standard, which resulted in the ability to accept and process credit card statements to become subdued. The resulting data breach effortlessly sourced all sensitive information leading to millions of customers exposed on the Internet. The effects of this data breach will be felt by the company directly in terms of negative press coverage, loss of business, and legal action. They will also have to face heavy fines due to GDPR and Data Privacy Violations.

This data breach doesn’t just affect customers and the company itself but also exposes its clients, including big names such as Expedia, Booking.com, Agoda, Sabre, Omnibees, and more. What’s more concerning is that while investigations were ongoing regarding the data breach, new customer records were still being accepted, recorded, and uploaded on the platform.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …