- CyberNews researchers discovered a huge data leak
- The dataset contained the information of more than 24 million customers. It probably belonged to the Honotel hotel chain.
A leaked dataset containing more than 24 million hotel records has been discovered by CyberNews researchers, including names, email addresses, phone numbers and detailed stay information such as time arrival, the number of customers and the price paid.
There are strong indications that the dataset belongs to the Honotel Group, a French hotel investment and management company.
The data specifically mentions “HONOTEL SITE”, the researchers confirmed, as well as booking platforms such as Booking.com, suggesting that the leaked database could be part of Honotel’s reservation management system.
At-risk guests
Researchers discovered the alleged Honotel leak on October 4, 2024, and the leak was closed on October 7, 2024, so the organization at least acted quickly once the disclosure notice was sent.
It’s unclear how long the data remained available, or whether the threat actors discovered or stole anything, but the information was discovered on an unprotected Elasticsearch server and Kibana interface.
This puts the customer and the company at risk. For the customer, the risk when Personally Identifiable Information (PII) is compromised is the risk of fraud and identity theft, as bad actors can use the data to take out loans, bank accounts or even develop businesses. social engineering attacks against victims.
For the company, just like the FTC fines, European companies face GDPR regulations that could result in penalties of up to 4% of a company’s global annual revenue if security best practices are not put in place to protect personal information.
This comes shortly after major incidents led the FTC to order hotel chains Marriott and Starwood to implement more robust security measures after 344 million guests were exposed in a massive data breach. Marriott’s systems were exposed for four years, earning the company a $52 million penalty from the FTC in 2024.
