Hotel guest information stolen from booking solutions provider FastBooking
Less than a day after a new report found that the hospitality industry is now a favorite target of hackers, FastBooking SAS, a cloud e-marketing and booking solutions provider for hotels, is the latest company to be compromised.
The hack, which took place on June 14, involved the theft of guests’ first and last names, nationality, postal addresses, email addresses, hotel booking-related information and, in some cases, credit card details.
According to Bleeping Computer, an attacker used a vulnerability to install malware on FastBooking’s servers that gave the hacker remote access to exfiltrate data. The hack was uncovered only after employees discovered the malware on the company’s network.
How many records were stolen, though, is not clear. FastBooking is claimed to be used by 4,000 hotels in 100 countries, and the company has not released an official statement on the hack in English. It did say in a release to the Japanese market that 380 hotels in Japan had been affected.
One known hotel chain affected by the hack is Prince Hotels Inc., one of Japan’s largest, which apologized to customers on Tuesday, the Japan Times reported. The hotel chain said data on 124,963 individuals and groups who had made bookings at the hotels had been stolen by hackers through FastBooking’s platform.
Setu Kulkarni, vice president of corporate strategy at WhiteHat Security Inc., told SiliconANGLE that because modern organizations deploy a lot of web applications accessible from any location, those applications are an easy target for hackers, who can gain access to back-end corporate databases.
“What is alarming is the consistently high rate of web applications that are ‘always vulnerable,’ every single day of the year,” he said. “Many recent breaches, like FastBooking and the massive Equifax incident that remains top of mind more than half a year later, were caused by fixable web app vulnerabilities.”
Kulkarni explained that web systems are now being integrated via application programming interfaces. As a result, he said, “formal processes and best practices for developing modern software are still being defined. Companies should empower developers to code using security best practices in mind throughout the entire software development lifecycle, with proper training and even security certifications.”
Photo: Prince Hotels