Comment: US Military And Government Data Included In 179GB Database Leak

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. It is said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. vpnMentor was able to view records relating to the travel arrangements of government and military personnel — both past and future — who are connected to the US government, military, and Department of Homeland Security (DHS). Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.

Full story here: https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/

Commenting on the story are the following cybersecurity professionals:

Hugo van Den Toorn, Manager, Offensive Security
InfoSec Expert
October 22, 2019 1:33 pm

This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elasticsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”.

With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organizations. As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects it like the valuable asset it is.
