The Hotel Group Accor Hotels has unfortunately seen one of its subsidiaries be the victim of a very serious data leak.
This leak resulted in a data disclosure of approximately 130,000 to 140,000 travelers. According to AFP, the vulnerability was originally due to a poorly configured computer server that left free access to all the relevant data.
This article will also interest you: A group of hackers arrested in Europe, the end of a large-scale hacking odyssey
As a reminder, Gekko is a platform for booking hotels and places to stay for acquired by the Accor Group in October 2017. This platform claims to work with more than 14,000 travel agencies 9 countries. The data leak involving Gekko Group exposed several usernames belonging to its clientele, ranging from simple names and surnames to bank details. "Due to a poorly set-up server that left an open connection port, data on 130,000 to 140,000 travellers were freely accessible (…) We became aware of the incident November 13" and the leak was plugged "on the same day"" explained the spokesman.
The company said it had notified those affected data leak since November 16.
The data that has been compromised come from just about "many countries, most Europeans. ». This data is derived from a reservation system other travel agencies and a certain company called Teldar Travel such as Teldar Travel described by Vp Mentor, the cyber security firm that discovered the flaw security.
The information was more than one To of data, consisting of email addresses, names and name names, booking history, not to mention details related to the credit cards used by customers or agencies. IDs connection that were also exposed "could be used by hackers to access the private accounts of platforms and charge expenses stored credit cards. "says the cybersecurity firm, while also suggesting phishing risks. In addition, "there have been fewer than 900 exposed credit cards without their required visual cryptogram for a payment" explained Fabrice Perdoncini, Ceo Gekko.
"And we have absolutely no knowledge of any possible fraudulent uses," the company spokeswoman said. However, by referring to these interactions, the database was compromised contained " large volumes of information from outside sources. 'whose Booking.com, vpnMentor meant.
According to the cyber security company, the National Commission for Information Technology and Freedoms (CNIL) has been alerted by it since 7 November. And it was not until November 13 that she received a reply from Accorhotels. In addition, CNIL noted that it had received "a notification of a breach of personal data from Gekko. November 16. Gekko's side read: "We acted strictly in accordance with (…) deadlines and procedures under the General Data Protection Regulations (GDPR) as well as by the CNIL. »
Now access an unlimited number of passwords: