Stories
Slash Boxes
Comments

SoylentNews is people

U.S. Government, Military Personnel Data Leaked By Autoclerk

posted by Fnord666 on Friday October 25 2019, @01:53PM   Printer-friendly
from the another-day-another-leak dept.

upstart writes:

Submitted via IRC for Bytram

U.S. Government, Military Personnel Data Leaked By Autoclerk

The travel reservation data, along with personal details, of hundreds of thousands was discovered in a database exposed online for all to see.

A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel.

Autoclerk, which was acquired by the Best Western Hotel and Resorts Group in August, provides reservation management software for hotels, accommodation providers, travel agencies and more. Researchers with vpnMentor on Monday said that they discovered an Elasticsearch database, owned by Autoclerk, exposed online that contained over 100,000 booking reservations for travelers.

“The database was hosted by Amazon Web Servers in the USA, containing over 179GB of data,” Noam Rotem and Ran Locar, researchers with vpnMentor, said in a Monday post. “Much of the data exposed originated from external travel and hospitality platforms using the database owner’s platform to interact with one another. The client platforms affected include property management systems (PMS), booking engines, and data services within the tourism and hospitality industries.”

Exposed information included unencrypted login credentials, full names, date of birth, home addresses, phone numbers, dates and costs of travel, and masked credit-card details. For certain reservations, after guests checked in to a hotel, their check-in time and room number also was viewable on the database.

Because Autoclerk software is used by third-party travel agencies, several external accommodation providers’ customers were impacted by the leak. Platforms whose clients were compromised as part of the leak include HAPI Cloud, OpenTravel and Synxis by Sabre Hospitality Solutions.

Disturbingly, one of the platforms exposed in the database was a contractor of the U.S. government, military and Department of Homeland Security (DHS), said researchers. The unnamed contractor manages the travel arrangements of U.S. government and military personnel, as well as independent contractors working with American defense and security agencies.

Original Submission

 
This discussion has been archived. No new comments can be posted.
U.S. Government, Military Personnel Data Leaked By Autoclerk | Log In/Create an Account | Top | 4 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Informative) by Anonymous Coward on Friday October 25 2019, @04:22PM

    by Anonymous Coward on Friday October 25 2019, @04:22PM (#911703)

    Can't be any worse than the OPM breach.

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Total Score:   1