The post Information breach exposes hotel guests’ data in Taiwan appeared first on TD (Travel Daily Media) Travel Daily Media.
Blockchain technology solutions company OwlTing inadvertently exposed 765,000 users’ sensitive data by leaving open access to its AWS storage (S3).
The spill was initially reported last 29th July and primarily affected hotel guests in Taiwan.
A routine investigation using OSINT methods, discovered a misconfigured Amazon S3 bucket storing a massive amount of files. S3 buckets are simple cloud storage containers on Amazon Web Services (AWS), similar to file folders for storing files.
Over 168,000 CSV and XLSX documents in the bucket contained the personally identifiable information (PII) of over 765,000 customers.
OwlTing, a Taiwanese company that serves global travel, food safety, hospitality, media, and other e-commerce sectors and offers well-recognized blockchain solutions, was pinpointed as the source of the leak.
The company confirmed the incident and took appropriate actions to close the leak. However, it somewhat downplayed the severity, issuing a statement that said: “The incident did not involve any sensitive data.”
What data was exposed?
Following the discovery, investigators remarked: “The leakage of personal information such as full names, phone numbers, and hotel reservation details can lead to various forms of identity theft and fraud, posing serious risks to the affected individuals.
Findings show that the bulk of the compromised data appears to be related to hotel management services As such, these mostly contained booking data from popular platforms, such as Booking, Expedia, and others.
The leaked data included the full names of customers, their personal and business contact numbers, and several email addresses. Hotel booking details, including dates for orders, check-ins and check-outs, room numbers and types, amounts paid and outstanding, currency, and the reservation service used for booking were also compromised.
Over 92 percent of the exposed phone numbers belong to users from Taiwan. The compromised dataset also included thousands of users from Japan, Hong Kong, Singapore, Malaysia, Thailand, and South Korea. Almost no American users were identified. However, the leak contained hundreds of users from most European countries.
The post Information breach exposes hotel guests’ data in Taiwan appeared first on Travel Daily Media.
