Security experts at vpnMentor discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group.
The data leak exposed
“Led by Noam Rotem and Ran Locar,
“Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.”
The list of affected users
“For the US government, alarm bells should be ringing. One of the platforms exposed in the database was a contractor of the US government, military, and DHS. The contractor manages the travel arrangements of US government and military personnel, as well as independent contractors working with American defense and security agencies.” continues
The database was hosted by Amazon Web Servers located in the USA and it contained over 179GB of data. The database contained 100,000s of booking reservations for guests and travelers. The exposed user data includes full name, date of birth, home address, phone number, dates and costs of travel, and masked credit card details.
For some reservations, the archive included data related to the guest check-in
Most of the data in the database
“For this reason, the database our team found was connected to myriad hotel and travel platforms. Some examples of the external client platforms compromised by the leak include:
The database was discovered on September 13, 2019, and it was secured on October 2, 2019. The complete timeline is below:
“The greatest risk posed by this leak was to the US government and military. Significant amounts of sensitive employee and military personnel data could now be in the public domain.” conclude the experts. “This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”
(SecurityAffairs – US government, Autoclerk data le