A data breach at software provider FastBooking has let hackers steal customer data from hundreds of hotels. Exploiting an application vulnerability, the attackers installed malware on the FastBooking server for remote access, which went undiscovered for several days.
FastBooking Data Breach Affected Hundreds Of Hotels
According to a recent report, the hotel booking software provider FastBooking suffered a major cyber attack. Allegedly, this massive FastBooking data breach exposed customers’ data from hundreds of hotels to the hackers.
Right after noticing the breach, the firm emailed its customers to inform them about the matter. It also put up a notice on its website explaining the details. As revealed, the breach started on June 14, 2018; however, the company only noticed it on June 19, 2018, after which it took measures to close the breach. Nonetheless, the hackers had managed to pilfer a large chunk of data by that time.
FastBooking suspects that the breached data may include customers' personal information. This includes their names, addresses, nationality, hotel reservations, and check-in and check-out dates. More worryingly, in some cases customers' payment details, including their card numbers and expiration dates, have also been taken.
How Did It Happen?
The hackers exploited a flaw in an app hosted on the web server to install malware, through which they accessed the database. After noticing this malware on the server, the firm realized there had been unauthorized access to its server. The technique appears somewhat similar to the one used in the recent PageUp data breach.
As disclosed in their official notice,
“Vulnerability in an application hosted in the server were used to install a malicious tool enabling remote access to data stored on the server. The tool was used to exfiltrate data…. Following the discovery of a suspicious application, the server log files were analyzed (computer activity traces) and we found out that some files containing data had leaked.”
The firm also confirms that it has taken appropriate security measures to prevent such incidents, though it has not discussed them in detail.
“Fastbooking immediately eradicated the vulnerability and took steps to prevent this incident from recurring and to mitigate any negative consequences: implementing higher security standards, changing passwords on our systems, and so on.”
Based in Paris, FastBooking provides hotel-booking software to approximately 4000 hotels located in 100 countries. At this time it is unclear exactly how many customers have been affected by this breach.