Data Recovery Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Exposed Hotel Database Jeopardizes Data of 140,000 Customers

Despite our best efforts, it's virtually impossible to protect data from hackers and cyber criminals in the 21st century. Not only are they able to gain access to encrypted data, including highly sensitive information, but some even use that information to impersonate individuals and for other, equally nefarious purposes.

Making it Easy for Hackers

The threat of hackers and cyber criminals is already serious enough; there's no need to make their job easier by leaving sensitive information unprotected and accessible. However, that's exactly what one of Europe's largest hotel booking companies did – and the results were nearly catastrophic.

Gekko Group, a subsidiary of AccorHotels in France, provides booking and travel accommodations in junction with more than 600,000 hotels located around the world. As AccorHotels is recognized as Europe's largest hospitality firm, the news hasn't fallen on deaf ears.

According to recent reports, the company left an exposed database – complete with the names, addresses, credit card numbers, and passwords stored in a plaintext format – on a public online server. The data amounted to more than one terabyte.

A Watchful Eye

Luckily, there haven't been any reports of the data being misused. The exposed database was originally discovered by independent security researchers with the Israeli company, VPNMentor, who reported it immediately.

VPNMentor talked about the incident in a recent blog post by saying, in part: "This breach represents a serious lapse in data security by Gekko Group and its subsidiaries, compromising the privacy of their customers, clients, AccorHotels, and the businesses themselves."

Fabrice Perdoncini, CEO with Gekko Group, also responded to the incident by saying: ''"Ensuring the adequate protection of our clients' data is of utmost importance to Gekko Group, a B2B company. We acknowledge the seriousness of this matter and confirm that no malicious use or misuse of data has been reported so far."''

Representatives with Gekko Group are adamant that were less than 1,000 unencrypted credit card numbers within the database, but additional numbers could have been gleaned from scanned documents that were also located on the public server.

Amongst the unencrypted passwords were Gekko Group's credentials for the World Health Organization and many others. Hackers could have easily used this information to pay for travel and other arrangements on these accounts.

Assessing the Damage

While the damage appears to be minimal, a breach of this magnitude goes to show how easy it is to compromise your own data – either as a business or an individual. Believe it or not, events like this happen every single day. Although Gekko Group got incredibly lucky this time, that isn't always the case.

It's important to note that this story could have ended much differently. Had a group of hackers found the public server containing the exposed database, they could have caused untold amounts of damage.

For more information on VPNMentor, the group responsible for uncovering the exposed database in the first place, please visit their official website at www.VPNMentor.com.

Comments

No comments yet. Sign in to add the first!