Comment: US Military And Government Data Included In 179GB Database Leak

By   ISBuzz Team
Writer , Information Security Buzz | Oct 22, 2019 05:30 am PST

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. It is said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. vpnMentor was able to view records relating to the travel arrangements of government and military personnel — both past and future — who are connected to the US government, military, and Department of Homeland Security (DHS). Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.

Full story here:

Commenting on the story are the following cybersecurity professionals:

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Hugo van Den Toorn
Hugo van Den Toorn , Manager, Offensive Security
October 22, 2019 1:33 pm

This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elastiscsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”.

With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organizations. As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects it like the valuable asset it is.

Last edited 4 years ago by Hugo van Den Toorn

Recent Posts

Would love your thoughts, please comment.x