Submitted via IRC for BoyceMagooglyMonkey
The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned. The data was taken from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries —as it claims on its website.
In emails the company sent out to affected hotels today, FastBooking revealed the breach took place on June 14, when an attacker used a vulnerability in an application hosted on its server to install a malicious tool (malware). This tool allowed the intruder remote access to the server, which he used to exfiltrate data. The incident came to light when FastBooking employees discovered this malicious tool on its server.
According to FastBooking, the intruder stole information such as a hotel guests' first and last names, nationality, postal addresses, email addresses, and hotel booking-related information (hotel name, check-in, and check-out details). In some cases, but not all, the intruder also obtained payment card details were also stolen, such as the name printed on the payment card, the card's number, and its expiration date. Not all of FastBooking's customers were impacted the same. The attacker stole just guest details from some hotels, payment card details from others, or both in other cases.
(Score: 3, Insightful) by Alfred on Friday June 29 2018, @08:29PM (1 child)
(Score: 0) by Anonymous Coward on Saturday June 30 2018, @11:09AM
This would not be shocking if it was about propertyme.com either