The compromised information includes the address, nationality, phone number, source of booking, credit card details of more than one million hotel guests.
Security breach in hospitality app compromises over one million credit cards. A lapse in judgement by the developers of India-based company Quoality. The company manages contactless check-ins and check-outs, hotel services, guest arrivals, automated messaging and payments through a guest management platform, Guest Experience (GX).
The compromised information includes the address, nationality, phone number, source of booking, credit card details of more than one million hotel guests. The leak occurred due to the lack of appropriate access controls in the Elastic Cluster (a group of connected servers used to store and search large amounts of data).
The major concern is that attackers could exploit this leak in the Elastic Cluster, by exploiting the full credit card details of the guests and using this confidential information to make unauthorized transactions from the victims’ bank accounts.
Serious concerns, especially pertaining to security and management of sensitive information, in addition to Quoality’s compliance with data protection laws and regulations have been raised in response to this data leakage.
“The data breach shows that the company failed to meet industry standards such as PCI-DSS for storing sensitive payment information”, said Aras Nazarovas, security researcher at Cybernews. Such inadequate adherence to secure payment information storage requirements can result in substantial fines from credit card companies as well as regulatory bodies.
“In accordance with our responsible disclosure guidelines, we reached out to the company. The data is no longer accessible publicly. However, we have not received any official comment from the company upon our request to get an official confirmation for a better understanding of the situation”, as reported by Cybernews officials.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.