Email
Password
Remember meForgot password?
    Log in with Twitter

article imageWhat's behind Autoclerks' leaky database? Special

By Tim Sandle     Oct 23, 2019 in Technology
Autoclerk's database has been found to be leaking information, which exposed travel data and personal details of hundreds of thousands online (including U.S. government personnel). CTO Vinay Sridhara of Balbix dives in.
In October 2019, Security researchers detected a leak in an Elasticsearch database belonging to Autoclerk, which is a reservations management system recently acquired by Best Western Hotels and Resorts Group.
The 179 GB database was connected to multiple online travel and hospitality platforms. The loss of data exposed personal inmformation and travel arrangements of thousands of hotel guests and members of the U.S. government, military, and Department of Homeland Security.
The data loss exposed information like reservations revealed customers' full names, dates of birth, home addresses, phone numbers, dates and costs of travel, and masked credit card details, according to The Register.
Commenting on the data loss for Digital Journal, CTO Vinay Sridhara of Balbix states: “Autoclerks’ error has created a risk to the U.S. government and military since substantial amounts of critical data that gives insight into the operations and activities of personnel has been compromised."
Leaving a database publicly available without any security barriers in place is one of the most common causes of data breaches in the cloud. A common concern with such systems is that given the self-service nature of cloud, those users who are not familiar with security settings can easily create databases or alter configurations.
However, the data loss goes beyond the military, according to Sridhara: "This breach has also exposed hundreds of thousands of civilians’ information, and it will be likely that the California-based company faces penalties for this incident."
In terms of the general implications arising from the data loss, Sridhara notes: "Organizations that are entrusted with keeping customer information safe, especially across connected platforms, must proactively identify and address vulnerabilities that would put it at risk before they become entry points for attackers, especially when the U.S. military and government are customers."
He also warns of future attacks: "Even though this type of leak is a seemingly simple vulnerability to fix, misconfigurations continue to leak critical data and that trend shows no signs of slowing down.”
More about Autoclerk, Data breach, data leak, Data privacy
 
Latest News
Top News