Security experts at vpnMentor discovered a breach in a database belonging to Autoclerk, a reservations management system owned by Best Western Hotels and Resorts Group.
The data leak exposed
“Led by Noam Rotem and Ran Locar,
“Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.”
The list of affected users
“For the US government, alarm bells should be ringing. One of the platforms exposed in the database was a contractor of the US government, military, and DHS. The contractor manages the travel arrangements of US government and military personnel, as well as independent contractors working with American defense and security agencies.” continues
The database was hosted on Amazon Web Services servers located in the USA and contained over 179GB of data. It held hundreds of thousands of booking reservations for guests and travelers. The exposed user data includes full name, date of birth, home address, phone number, dates and costs of travel, and masked credit card details.
For some reservations, the archive included data related to the guest check-in
Most of the data in the database
“For this reason, the database our team found was connected to myriad hotel and travel platforms. Some examples of the external client platforms compromised by the leak include:
The database was discovered on September 13, 2019, and secured on October 2, 2019. The complete timeline is below:
“The greatest risk posed by this leak was to the US government and military. Significant amounts of sensitive employee and military personnel data could now be in the public domain,” conclude the experts. “This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”
(SecurityAffairs – US government, Autoclerk data le