vpnMentor’s research team discovered the unprotected server through port scanning to examine known IP blocks.
Researchers discovered 85.4GB of security audit logs, the exposed data also include monitoring and alerts, reported system errors, misconfiguration, policy violations, potential attempted malicious breaches, and other cybersecurity events. Unsecured data also include personally identifying information (PII) of employees.
Exposed data is date back to April 19, 2019, likely the date of the system setup or reconfiguration that is the root cause of the leak.
The unsecured server exposed audit logs generated by Wazuh, an
“The Pyramid Hotel Group utilizes Wazuh – an open source intrusion detection system – on an unsecured server that is leaking information regarding their operating systems,
The Pyramid Hotel Group manages hospitality and resort properties in the US, Hawaii, the Caribbean, Ireland, and the UK, it includes locations of several brands such as Marriott, Sheraton, Plaza, Hilton Hotel and other independent hotels.
Data leaked by the company could be used by attackers to gather information about hotels’ network and security measures implemented to protect them. This information could be used by hackers in later attacks.
Below the timeline of discovery:
|5/27/19||Breach discovered by vpnMentor Research team|
|5/28/19||Informed PHG of breach|
|5/28/19||Received acknowledgement from PHG|
|5/29/19||Data leak closed. Problem resolved.|
Recently vpnMentor experts discovered an unprotected database impacting up to 65% of US households.
If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”
(SecurityAffairs – Pyramid Hotel Group, data leak)