Approximately a whopping 25 GB of sensitive personal information was leaked on the net from a misconfigured AWS S3 bucket of Prestige Software. The company is based in Barcelona, Spain that caters to software-based solutions mostly for Cloud Hospitality. The company’s few well-known clients are Expedia, Amadeus, Booking.com, Hotels.com, Agoda, Omnibees, and other similar businesses that tend to hotel reservations.
The prestigious Software company offers automation and technological advances to their clients that mainly focus on hotel reservations or bookings. They provide the current Cloud Hospitality trend that provides web service and ease of experience to their clients and guests. It also includes hotel analytics and listing services for better hotel management. Hence, their platform can gather personal information from guests or customers that uses their services.
Based on the submitted report, the leaked information contains sensitive information that goes back to 2013 about hotel guests and travel agents using their service, including credit card information. Such information as full names, contact numbers, email addresses, booking dates, and credit card details (name, CVV code, and expiration date) was part of the exposed data.
Due to this unfortunate event, Prestige Software will face an enormous penalty as a sanction per General Data Protection Regulation since Spain is part of the European Union, and exposed data also includes European citizens.
An in-depth analysis confirmed that the leaked data has been exposed on the internet since July and September. Which has been noticed and been reported to the AWS Team only in September. Further review of the content and the magnitude of damage is still being assessed. At the same time, this report is being written as speculation, rumors rose that other platforms have been interconnected to the cloud services that may also be compromised. The report is in conjunction with the extent of the damage that the customer’s details listed on the leaked information. They are still gauging if the exposed data may have been sold off to the dark web or are now experiencing unauthorized transactions with their account.
But the Prestige Software leak still requires confirmation from the cybersecurity experts that are still investigating the report.
This is another lesson to learn when holding or storing personal and financial information. A misconfigured database can result in havoc and ends in malicious actors that can be sold off to other adversaries. Eventually, the innocent customers end up losing at the end.
Every company must deploy secure stronghold storage and run service maintenance to ensure that the data will not be exposed publicly. Foolproof security authentication should be in place to avoid being compromised by many adversaries through a ransomware attack. This will just add for a graver loss not with just money but to build the clients’ and customers’ trust.