A HACKER HAS NICKED the personal and payment card data from the guests of hundreds of hotels after information was swiped from booking software firm FastBooking.
Bleeping Computer found this out and noted that an unknown attacker is behind the data thievery which took place on 14 June. The attacker exploited a vulnerability in an app hosted on FastBooking’s server and installed malware on it.
The malicious tool was able to remotely access the server and allow the hacker to syphon data from it. The data breach only came to light on 19 June, when FastBooking workers discovered the malware lurking on the server.
The breach was plugged less than three hours after it was discovered suggesting that FastBooking didn’t rest on its laurels, but nevertheless, the security hole had been open for five days.
Bleeping Computer reported, citing FastBooking, that the hacker pilfered information such as the guests first and last names, their email and postal addresses, nationality and other hotel booking related information.
And in some cases, the cyber-thieves managed to get their hands on payment card details, including the card’s number and expiration date, which is pretty handy when it comes to committing card fraud.
This meant that different users of FastBooking’s software and the impacted hotels were affected in different ways. But FastBooking was still forced to alert the affected hotels which are thought to potentially number in their hundreds if not pushing beyond the thousand mark.
There’s no sign of a statement from FastBooking yet, so we’re not sure exactly what its next steps are, But given it’s a French company and thereby subject to the European Union’s General Data Protection Regulation (GDPR) it will need to ensure it notifies the proper authorities and people otherwise a hefty fine could wing its way over.
The whole situation highlights the importance of having properly secured servers that have been rigorously checked for vulnerabilities, as it would appear that the hacker exploited an existing flaw rather than a zero-day bug. µ
Source : Inquirer