Hackers claim to have stolen 700,000 guest records belonging to Choice Hotels, one of the largest hotel chains in the world. Security researcher Bob Diachenko discovered the unsecured database, which was left exposed and accessible to anyone with an internet connection.
Diachenko immediately notified the company of the exposed MongoDB instance, but it appears malicious actors got to it first. The hackers apparently stole and demanded ransom for more than 700,000 customer records belonging to major hotel franchisor Choice Hotels, including names, addresses, payment records, email addresses, and phone numbers.
The company says the data was hosted on a vendor’s server, and no Choice Hotels servers were accessed. “The vendor was working with the data as part of a proposal to provide a tool”.