Gekko Group is a leading European B2B hotel booking platform that also owns smaller hospitality brands, including Teldar Travel & Infinite Hotel. The AccorHotels subsidiary has a combined customer base of 600,000 hotels worldwide.
“Hosted in France on servers belonging to OVH SA, the compromised database was huge, containing approximately 1TB of data.” reads the report published by vpnMentor.
“While the data belonged to AccorHotels – via their ownership of Gekko Group – it originated from many different businesses within Gekko Group. The bulk of the data came from two sources: Teldar Travel & Infinite Hotels.”
Data included in the database included:
The archive included data in numerous languages originating from multiple countries, mostly in Europe (Spain, The United Kingdom, The Netherlands, Portugal, France, Belgium, Italy, Israel).
Most of the records were originated from two companies owned by AccorHotels subsidiary
The database also contained many invoices exposing financial details of travel agents and their customers, and thousands of plain text passwords linked to accounts on Gekko Group-owned platforms.
An attacker using the passwords could have had access to the account to carry out certain actions, including booking on the account credit, canceling existing bookings, accessing invoices, many more possibilities.
On November 13th, after a week of attempts of contacts, the researchers received a response from AccorHotels. The company secured the database almost immediately they received the info about the archive. Below the timeline of the incident: