The Limited Times

Now you can see non-English news...

Did you book a hotel online? Your details may have been leaked Israel today

2020-11-08T11:59:36.674Z


| Technology NewsPersonal information of millions of users around the world - such as credit information and ID numbers - has been exposed to hackers • Among the sites affected: Booking, Association and Expedia • Have you booked from these sites in the last 7 years? This is what you need to know Photo: Yinon Ben-Shoshan Information security company Website Planet has revealed that more than 10 million files wit


Personal information of millions of users around the world - such as credit information and ID numbers - has been exposed to hackers • Among the sites affected: Booking, Association and Expedia • Have you booked from these sites in the last 7 years?

This is what you need to know

  • Photo: Yinon Ben-Shoshan

Information security company Website Planet has revealed that more than 10 million files with users' personal information were stored on a server that was vulnerable to hackers.

The information included, among other things, full names, email addresses, ID numbers, phone numbers, credit card numbers, including CVV code and card validity.

This is a loophole that has affected the world's largest hotel booking sites - including Booking, Association, Expedia (Expedia) and Hotels.com.

This is a hotel booking platform called Prestige Software which is used by the same reputable sites and was perceived as storing the information on unsecured servers.

According to the publication, it stored the files in Amazon Web Services - Amazon's cloud storage services.

In total, these are 24.4 GB files collected from 2013 until the last few months, which means that mountains of information were exposed.

Website Planet states that any site that worked with the Prestige Software management system was compromised.

"Transfer the information to a cloud server"

"The company purchased a server from Amazon, in which it kept a history of orders stored by their software, installed at their customers' hotels. Because the server they bought from Amazon did not pass an information security test, an open channel remains for the Internet to view information provided by scanning software. Channel ", explains Ido Naor, CEO of Security Joes in a conversation with" Israel Today ".

"Because the channel is very common among information security experts and there are simple software for communicating with the same channel - researchers found the open server for the Internet and retrieved the information. More precisely, 10 million information records, ie hotel reservations, from 2013 to date," adds Naor. .

"What appears to be is that they transferred from the software (certainly not to the knowledge of their customers) the credit cards and details listed in the article to which cloud server they - apparently - did not set it to be blocked to the Internet and so it basically remained exposed to any applicant."

The information security company Check Point stated that so far it is not known about hackers who took advantage of the information that was misused, although this cannot be ruled out.

"The rapid transition of many companies to remote work has led to increased use of cloud services in order to allow access from home to the company's databases and resources. However, without proper security measures, sensitive information may be exposed to the Internet - and end up hurting the company's customers," said Lotem Finkelstein. Director of the Cyber ​​Intelligence Department.

"When using cloud services for the storage of information, especially sensitive information, security and cloud experts are needed to ensure that access is made only from authorized sources. In this case, as in many other cases, the information was not secured at all, and was accessible to anyone who wanted it. ", Finkelstein added.

Book a hotel at one of the sites?

This is what is recommended in check ponit

• It is recommended to use double verification for email account and online credit card charges.

This is to ensure that no actions are taken without your knowledge.





• It is advisable to be more vigilant for phishing attacks that carry the details you have provided to the tourism companies.

Such attacks may come in the near future.

• It is recommended to contact the credit card company to make sure that the card is protected against purchases that are not typical of the user.

• Switch to the use of clearing services such as PayPal that do not disclose credit card information in online purchases, thus ensuring that even if information is revealed as in this case, it will not be possible to make a purchase using this information.

Source: israelhayom

All tech articles on 2020-11-08

You may like

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.