INFRA
INFRA
INFRA
Hotel guest information stolen from booking solutions provider FastBooking
Less than a day after a new report found that the hospitality industry is now a favorite target of hackers, FastBooking SAS, a cloud e-marketing and booking solutions provider for hotels, is the latest company to be compromised.
The hack, which took place on June 14, involved the theft of guests’ first and last names, nationality, postal addresses, email addresses, hotel booking-related information and, in some cases, credit card details.
According to Bleeping Computer, an attacker used a vulnerability to install malware on FastBooking’s servers that gave the hacker remote access to exfiltrate data. The hack was uncovered only after employees discovered the malware on the company’s network.
How many records were stolen, though, is not clear. FastBooking is claimed to be used by 4,000 hotels in 100 countries, and the company has not released an official statement on the hack in English. It did say in a release to the Japanese market that 380 hotels in Japan had been affected.
One known hotel chain affected by the hack is Prince Hotels Inc., one of Japan’s largest hotel chains, which the Japan Times reported apologized to customers on Tuesday. The hotel chain said data on 124,963 individuals and groups who had made bookings at the hotels had been stolen by hackers through FastBooking’s platform.
Setu Kulkarni, vice president of corporate strategy at WhiteHat Security Inc., told SiliconANGLE that because modern organizations deploy a lot of web applications accessible from any location, they’re an easy target for hackers, who can gain access to back-end corporate databases.
“What is alarming is the consistently high rate of web applications that are ‘always vulnerable,’ every single day of the year,” he said. “Many recent breaches, like FastBooking and the massive Equifax incident that remains top of mind more than half a year later, were caused by fixable web app vulnerabilities.”
Kulkarni explained that web systems are now being integrated via application programming interfaces. As a result, he said, “formal processes and best practices for developing modern software are still being defined. Companies should empower developers to code using security best practices in mind throughout the entire software development lifecycle, with proper training and even security certifications.”
Photo: Prince Hotels
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
