The Spanish developer Prestige software has experienced a data breach after misconfiguring an AWS bucket. The breach has lead to the exposure of their cloud database, and the data of millions of hotel guests. Prestige software is a platform which enables hotels to automate their availability on booking site such as Expedia.
The misconfigured S3 bucket contained more than 100 individual login details, dating back to as far as 2013. Mark Holden, a Website Planet researcher believes that the total number of affected users could be even larger than this, as some of the logs contained personally identifiable information (PII) from multiple members of a single booking, for users booking for whole families or group trips. The personal data which was leaked contains full names, national ID numbers, phone numbers and email addresses of hotel guests who have booked through sites using the software. For hundreds and thousands of these users, their card booking details have also been exposed, including their card numbers, cardholder’s names, card experation dates and CVVs.
