Gastrodat and Chekin: Millions of hotel goers may have been exposed after hackers steal data and leak it on Telegram

Massive Data Leak Exposes Nearly 5 Million Hospitality Guests in Spain and Austria

Security researchers at Cybernews uncovered a major data breach involving Spanish and Austrian hospitality platforms, exposing nearly 5 million users’ personal information. The incident stemmed from an attacker who compromised 527 accounts belonging to hotels and hosts, using them to extract sensitive data via automated Python scripts.

The stolen data, totaling 6.5GB, was left unprotected on an open server, which allowed researchers to access it. The breach affected platforms like Chekin (a Spain-based automated check-in service) and Gastrodat (an Austrian hotel management software provider), with records pulled from over 170 facilities worldwide.

The exposed data includes guest names, email addresses, phone numbers, birth details, ID document numbers, reservation IDs, stay dates, and property addresses. In some cases, internal safety flags and account credentials, including JWT tokens, were also compromised. Gastrodat alone accounted for 361,000 booking records (11.6 million entries), while Chekin exposed 311,400 records, including 253,000 ID document numbers.

The attacker used Telegram to forward the stolen data in real time, though the unsecured server ultimately led to its discovery. The scale of the leak highlights vulnerabilities in hospitality sector security, with millions of travelers and guests now at risk of identity theft and fraud.

Source: https://www.techradar.com/pro/security/millions-of-hotel-goers-may-have-been-exposed-after-hackers-steal-data-and-leak-it-on-telegram

Chekin cybersecurity rating report: https://www.rankiteo.com/company/chekin

gastrodat GmbH cybersecurity rating report: https://www.rankiteo.com/company/gastrodat-hotelsoftware

"id": "CHEGAS1776335039",
"linkid": "chekin, gastrodat-hotelsoftware",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '311,400 records (253,000 ID '
                                              'document numbers)',
                        'industry': 'Hospitality',
                        'location': 'Spain',
                        'name': 'Chekin',
                        'type': 'Automated check-in service'},
                       {'customers_affected': '361,000 booking records (11.6 '
                                              'million entries)',
                        'industry': 'Hospitality',
                        'location': 'Austria',
                        'name': 'Gastrodat',
                        'type': 'Hotel management software provider'}],
 'attack_vector': 'Compromised accounts (527 hotel/host accounts)',
 'data_breach': {'data_exfiltration': 'Yes (via Telegram in real time)',
                 'number_of_records_exposed': 'Nearly 5 million users',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, ID documents, credentials)',
                 'type_of_data_compromised': ['Guest names',
                                              'Email addresses',
                                              'Phone numbers',
                                              'Birth details',
                                              'ID document numbers',
                                              'Reservation IDs',
                                              'Stay dates',
                                              'Property addresses',
                                              'Internal safety flags',
                                              'Account credentials (JWT '
                                              'tokens)']},
 'description': 'Security researchers at Cybernews uncovered a major data '
                'breach involving Spanish and Austrian hospitality platforms, '
                'exposing nearly 5 million users’ personal information. The '
                'incident stemmed from an attacker who compromised 527 '
                'accounts belonging to hotels and hosts, using them to extract '
                'sensitive data via automated Python scripts. The stolen data '
                'totaling 6.5GB was left unprotected on an open server, '
                'allowing researchers to access it. The breach affected '
                'platforms like Chekin (a Spain-based automated check-in '
                'service) and Gastrodat (an Austrian hotel management software '
                'provider), with records pulled from over 170 facilities '
                'worldwide.',
 'impact': {'brand_reputation_impact': 'High (hospitality sector vulnerability '
                                       'exposed)',
            'data_compromised': '6.5GB of personal and reservation data',
            'identity_theft_risk': 'High (ID document numbers, PII exposed)',
            'systems_affected': 'Chekin, Gastrodat, and 170+ hospitality '
                                'facilities'},
 'initial_access_broker': {'entry_point': 'Compromised hotel/host accounts '
                                          '(527 accounts)'},
 'motivation': 'Data exfiltration, potential identity theft/fraud',
 'post_incident_analysis': {'root_causes': 'Unsecured server, weak account '
                                           'security, automated data '
                                           'extraction'},
 'references': [{'source': 'Cybernews'}],
 'title': 'Massive Data Leak Exposes Nearly 5 Million Hospitality Guests in '
          'Spain and Austria',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unsecured server, weak account security'}