Original Post from SC Magazine
Author: Teri Robinson
A leak at Autoclerk, a reservations management system recently
acquired by the Western Hotel & Resorts Group, exposed personal and travel information
on hotel guests, including members of the U.S. government, military and Department
of Homeland Security.
“Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future,” according to a blog post by vpnMentor, whose researchers, led by Noam Rotem and Ran Locar, discovered the leaky Elasticsearch database hosted by AWS on Sept. 13 as part of a larger web mapping project. “Our team viewed logs for U.S. army generals traveling to Moscow, Tel Aviv, and many more destinations. We also found their email address, phone numbers, and other sensitive personal data.”
That particular platform exposed in the database belonged to a contractor that manages travel arrangements for U.S. government and military personnel and independent contractors who work with American defense and security agencies.
“This represents a major flaw in the data security apparatus around such sensitive information,” the blog maintained. “Any company concerned with the travel logistics of high-level military personnel should be adhering to the strictest data protection practices.”
contacting the United States Computer
Emergency Readiness Team (CERT) on Sept. 13 then the U.S. Embassy in Tel Aviv
on Sept. 19 and the Pentagon on Sept. 26, the database remained open until
leak exposed sensitive personal
data of users and hotel guests, along with a complete overview of
their hotel and travel reservations. In some cases, this included their
check-in time and room number,” the researchers wrote. “It affected 1,000s of people across the globe, with
millions of new records being added daily.”
addition to names, birthdates, home addresses, phone numbers, travel dates and
costs and masked credit card details, in some cases, “once a guest had checked
in to a hotel, their check-in time and room number also became viewable on the
database,” the researchers said.
The post Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel appeared first on SC Media.
Go to Source
Author: Teri Robinson