Chances are if you’ve booking a hotel online before, you might have used popular platforms like Hotels.com, Expedia, and Booking.com. Unfortunately, it seems that if you have used either of these platforms, your data might have been exposed as a result of a massive data breach that has affected these platforms.
Now, it isn’t so much the platforms themselves that leaked the data, but rather the software that they use to power their websites. The software in question is called Cloud Hospitality that was stored on a misconfigured Amazon Web Services S3 bucket. Due to the misconfiguration, over 10 million log files dating back to 2013 was exposed.
These logs are rather damaging because apparently, they contain personal identifiable information, which could be used to create fake accounts online, steal credit card information, and more. It could also potentially be used to hijack a reservation to steal someone else’s vacation if that’s what the hacker wanted.
It is unclear if this exposed information is being used or has already been stolen, but Website Planet reported on the 6th of November that at the time of their report, the S3 bucket was still live and was still in use, but we’re not sure if it has since been closed or if it has been properly reconfigured to prevent the exposure. In the meantime, if you have used online booking websites for hotels, then maybe keep an eye out for your accounts, change your passwords, and also monitor your credit cards for potential improper usage.