S3: Millions of hotel reservations exposed in massive data breach
In a high severity data breach totaling 10,000,000+ files, Prestige Software, a hotel reservation platform based in Spain, exposed the banking details of over a million customers. This company provides automated online booking services to customers looking to reserve hotels for their next vacation or work trip.
The customer data exposed include:
- PII data: Names, phone numbers, email IDs, and ID numbers.
- Credit card details: Account number, CVV number, expiration date, card holder’s name, and cost of hotel reservations.
- Reservation details: Dates of stay, number of guests, names of all guests, contact information, and more.
The company, Prestige Software, was storing all their customer and reservation data on an AWS (Amazon Web Services) S3 bucket.
S3, or Simple Storage System, is an object storage technology provided by AWS for the purpose of storing classified and sensitive data.
Now, certain compliance and standards need to be maintained when using an S3 bucket to store data.
Such regulatory compliance allows companies to store the data securely and build solid layers of security against data breaches. An important part of the same is respecting PCI DSS.
Why did this data breach occur?
Based on the scale of personal identification information data exposed, experts believe that the breach occurred due to a misconfigured AWS S3 bucket with respect to poorly maintained PCI DSS, or Payment Card Industry Data Security Standard. PCI DSS is a crucial information security standard that protects the data of branded credit card holders and allows them to make safe and secure transactions on online portals.
According to websiteplanet.com, Prestige Software was not following this standard, which resulted in the ability to accept and process credit card statements to become subdued. The resulting data breach effortlessly sourced all sensitive information leading to millions of customers exposed on the Internet. The effects of this data breach will be felt by the company directly in terms of negative press coverage, loss of business, and legal action. They will also have to face heavy fines due to GDPR and Data Privacy Violations.
This data breach doesn’t just affect customers and the company itself but also exposes its clients, including big names such as Expedia, Booking.com, Agoda, Sabre, Omnibees, and more. What’s more concerning is that while investigations were ongoing regarding the data breach, new customer records were still being accepted, recorded, and uploaded on the platform.
Get similar news in your inbox weekly, for free
Share this news:
The all-in-one monitoring solution for IT admins, DevOps and SREs
Get deep visibility into the performance of your complex enterprise applications and cloud native workloads. Identify potential issues, improve productivity, and ensure that your business and end users are unaffected by downtime and substandard performance ...
AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost
In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …
IT Monitoring Powered by AIOps
Harness the power of artificial intelligence (AI) and machine learning (ML) to monitor your IT resources with Site24x7's artificial intelligence for IT operations (AIOps) and machine learning operations (MLOps). Improve mean time to repair (MTTR) issues with the help of Site24x7 AIOps ...
A Review of Zoho ManageEngine
Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …
Should I learn Java in 2023? A Practical Guide
Java is one of the most widely used programming languages in the world. It has …
The fastest way to ramp up on DevOps
You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …
Why You Need a Blockchain Node Provider
In this article, we briefly cover the concept of blockchain nodes provider and explain why …
Top 5 Virtual desktop Provides in 2022
Here are the top 5 virtual desktop providers who offer a range of benefits such …
Why Your Business Should Connect Directly To Your Cloud
Today, companies make the most use of cloud technology regardless of their size and sector. …