Millions of hotel guest reservations leaked in Otelier data breach

Posted by:
James Thompson
Tue, 21 Jan
0 Comment
Feature image

A threat actor has used an infostealer to access Otelier’s AWS S3 bucket, managing to exfiltrate almost 8TB of sensitive data including reservations and personally identifiable information. This incident is part of a broader supply-chain attack affecting high-profile hotel chains like Marriott and Hilton.

Otelier, a hotel management platform used by over 10,000 hotels worldwide, fell victim to malicious actors who obtained Atlassian login credentials from an employee. They then accessed S3 buckets, extracting millions of documents belonging to Marriott, compromising data such as guest reservations, transaction details, and employee emails.

Marriott disclosed that the stolen data also included personal details like names, addresses, phone numbers, and email addresses of hotel guests. Hundreds of thousands of email addresses were exposed in the breach. Both Otelier and Marriott have confirmed the breach and are taking steps to enhance cybersecurity measures.

In response to the incident, Otelier has engaged cybersecurity experts to conduct a thorough forensic analysis and strengthen security protocols. Marriott revealed that the attackers attempted to extort the company, mistakenly assuming ownership of the data. This development follows a recent penalty imposed on Marriott for a previous security breach.

Tags:

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments