Comment: US Military And Government Data Included In 179GB Database Leak

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. It is said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. vpnMentor was able to view records relating to the travel arrangements of government and military personnel — both past and future — who are connected to the US government, military, and Department of Homeland Security (DHS). Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.

Full story here: https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/

Commenting on the story are the following cybersecurity professionals:

Experts Comments

October 22, 2019
Hugo van Den Toorn
Manager, Offensive Security
Outpost24
This is a typical example of a misconfigured system. It should have never been possible for anyone on the Internet, especially without authentication, to access the data stored in the database. Even Elastic themselves quote on one of their recent blogs on securing Elasticsearch: “It’s especially dangerous if the cluster is connected directly to the Internet where anyone can connect without using a password”. With the countless possibilities of ‘quickly deploying a system in the cloud’, security is -still- often overlooked by organizations. As datasets grow to these sizes, the data is becoming increasingly valuable to our business and in some cases even more valuable than money. Unfortunately, not everyone protects it like the valuable asset it is.