Hack Notice

Hack Notice: Sabre Hospitality Solutions

Sabre Hospitality Solutions

Led by Noam Rotem and Ran Locar, vpnMentors research team discovered a drudge in a database belonging to Autoclerk, a reservations management system owned by best Western Hotels and Resorts Group. Connected to various travel and hospitality-related platforms online, the exposed database posed a risk to many parties. A few weeks prior to our team discovering the leak, Autoclerk was bought by best Western Hotel & Resorts Group, potentially exposing one of the biggest hotel chains in the world. The leak exposed sensitive personal data of users and hotel guests, along with a complete overview of their hotel and traveling reservations. In some cases, this included their check-in time and room number. It affected 1,000s of people across the globe, with millions of new records being added daily. The most surprising victim of this leak wasnt an individual or company: it was the US government, military, and Department of homeland Security (DHS). Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future. This represented a massive hack of security for the government agencies and departments impacted. Timeline of uncovering and possessor Reaction Sometimes, the extent of a data nag and the owner of the data are obvious, and the egress quickly resolved. But rare are these times. Most often, we need days of investigation before we realize whats at stake or whos leaking the data. Understanding a cut and whats at stake takes careful attention and time. Some affected parties refuse the facts, disregarding our research or playing down its impact. We demand to be thorough and work sure everything we find is correct and true. We act hard on publishing accurate and trustworthy reports, to see everybody who reads them understands their seriousness. In this case, due to the number of external origin points and sheer size of the data exposed, the possessor of the database was unclear for a little while, but we suspected it belonged to Autoclerk for a number of reasons. Meanwhile, we have contacted the United States Computer exigency Readiness Team (CERT). We outlined the nature of the leak, and the government, military, and DHS data that was exposed. However, at the time of publishing, they experience not replied to our email, ignoring our concerns. September 13th: Database discovered September 13th: US CERT contacted, no response September 19th: US Embassy in Tel Aviv notified about the lack of CERT response September 26th: contact made with example of the Pentagon, who ensures the issuing will be dealt with October 2nd: Database closed Examples of Entries in the Database The database was hosted by Amazon web Servers in the USA, containing over 179GB of data. Much of the data exposed originated from external trip and hospitality platforms using the database owners platform to interact with one another. The node platforms affected include property management systems (PMS), booking engines, and data services within the tourism and hospitality industries. Travel & Hospitality Platforms Affected Autoclerk is a combined reservations system for hotels, accommodation providers, traveling agencies and more. Its features include server- and cloud-based dimension Management Systems (PMS), a web booking engine, central Reservations Systems, and hotel PMS interfaces. For this reason, the database our team found was connected to myriad hotel and trip platforms. Some examples of the external client platforms compromised by the leak include: HAPI Cloud OpenTravel myHMS and CleanMeNext by Autoclerk Synxis by Sabre Hospitality Solutions While these platforms are mostly based in the US, the leak exposed users all over the world. Our team viewed many unencrypted login credentials to access accounts on additional systems external to the database, such as separate PMS platforms, guest ratings & survey systems, and more. Personal & traveling Data Exposed As the platforms exposed in this leak focused on move and hospitality, the database contained 100,000s of booking reservations for guests and travelers. This meant the personal details of guests in accommodations using an affected platform were also exposed. The info of people qualification reservations exposed includes: Full name Date of birth Home address Phone number Dates & costs of travel Masked citation card details On certain reservations, once a guest had checked in to a hotel, their check-in time and room number also became viewable on the database. All this information is incredibly valuable for felon hackers and online thieves.

About HackNotice and Sabre Hospitality Solutions

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and Sabre Hospitality Solutions was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of Sabre Hospitality Solutions their products, services, websites, or applications and you were a client of HackNotice, monitoring for Sabre Hospitality Solutions you may have been alerted to this report about Sabre Hospitality Solutions . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If Sabre Hospitality Solutions had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. Data breaches, hacks, and leaks often lead to and reason identity theft, account submit overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, password reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice workings to monitor for hacks that guide to lower node certificate and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to identify the extent that digital identities experience been exposed and provides remediation suggestions for how to handgrip each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that portion data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account take overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry specific knowledge and advanced surety practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share cut notices with their friend, family, and collogues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to supply clients with sharable reports to help increase the certificate of our clients personal network. The security of the multitude that our clients interact with directly impacts the rase of security of our clients. Increased photograph to accounts that get been taken over by hackers leads to further account take overs through phishing, malware, and other attach techniques.

If you found this hack notice to live helpful, then you may be interested in reading some additional cut notices such as:

s to careless disposal of used computer equipment or data storage media and unhackable source. Denow they get been hacked. The notion that you can protect your perimeter is falling by the wayside he absence of potentiality damage to private citizens, and the publicity around such an event may live missouri

Travel Reservations Platform Autoclerk Leaks U.S. Government Personnel Data - Security Magazine


Berman McAleer