700K Guest Records Stolen in Choice Hotels Breach

  /     /     /  
Publicated : 23/11/2024   Category : security

700K Guest Records Stolen in Choice Hotels Breach


Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.


Hotel franchisor Choice Hotels has confirmed a breach in which attackers stole 700,000 guest records from a publicly available MongoDB database without a password or any authentication.
The unsecured server, which the hotel chain says belonged to a third-party vendor, contained multiple databases holding more than 5.6 million records. Choice Hotels says most of this was test data, including fields referring to reservation details, passwords, and payment cards. Most of the 700,000 compromised records were in a database of 2.4 million records labeled privacy log and located in the same MongoDB instance. Exposed consumer data included names, physical and email addresses, phone numbers, and consent statuses, Comparitech reports.
Security researcher Bob Diachenko found the database on July 2, shortly after it was indexed by search engine BinaryEdge, and worked with Comparitech to analyze it. A ransom note demanding 0.4 Bitcoin was already there, likely left by an automated script targeting publicly accessible MongoDB databases, he believes. Diachenko notified Choice Hotels following his discovery; the firm secured the database on July 2 and began an investigation on July 28.
Choice Hotels says it will not be collaborating with this vendor in the future, and its taking a closer look at its vendor relationships to put additional controls in place. It also plans to implement a responsible disclosure program to learn of future security incidents.
Read more details
here
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
700K Guest Records Stolen in Choice Hotels Breach