700K Guest Records Stolen in Choice Hotels Breach

  /     /     /  
Publicated : 23/11/2024   Category : security

700K Guest Records Stolen in Choice Hotels Breach


Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.


Hotel franchisor Choice Hotels has confirmed a breach in which attackers stole 700,000 guest records from a publicly available MongoDB database without a password or any authentication.
The unsecured server, which the hotel chain says belonged to a third-party vendor, contained multiple databases holding more than 5.6 million records. Choice Hotels says most of this was test data, including fields referring to reservation details, passwords, and payment cards. Most of the 700,000 compromised records were in a database of 2.4 million records labeled privacy log and located in the same MongoDB instance. Exposed consumer data included names, physical and email addresses, phone numbers, and consent statuses, Comparitech reports.
Security researcher Bob Diachenko found the database on July 2, shortly after it was indexed by search engine BinaryEdge, and worked with Comparitech to analyze it. A ransom note demanding 0.4 Bitcoin was already there, likely left by an automated script targeting publicly accessible MongoDB databases, he believes. Diachenko notified Choice Hotels following his discovery; the firm secured the database on July 2 and began an investigation on July 28.
Choice Hotels says it will not be collaborating with this vendor in the future, and its taking a closer look at its vendor relationships to put additional controls in place. It also plans to implement a responsible disclosure program to learn of future security incidents.
Read more details
here
.

Last News

▸ Commercial cyber attacks from India target U.S., Pakistan, China. ◂
Discovered: 26/12/2024
Category: security
▸ Yahoo Japan Data Breach: 22M Accounts Hacked ◂
Discovered: 26/12/2024
Category: security
▸ Black Hat 2013 trainings focus on Incident Response and Malware. ◂
Discovered: 26/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
700K Guest Records Stolen in Choice Hotels Breach