A security compromise gained by FastBooking, a provider of hotel booking software, has impacted 100 hotels across the globe.
Experts estimate that over 1000 hotels globally may be affected, with over 380 of those being in Japan alone. The number of impacted users was not disclosed by the company.
The company swiftly emailed each affected hotel with information on the event, including the number of guests who were impacted.
The attackers gained access to the FastBooking system by taking advantage of a flaw in the online application.
Employees of the organisation found the breach when they saw the malware on the server. The malware functions as a backdoor, giving the attacker access to take over the server and take private information.
Source: https://securityaffairs.com/73935/data-breach/fastbooking-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/d-edge-hospitality-solutions
"id": "ded456251223",
"linkid": "d-edge-hospitality-solutions",
"type": "Breach",
"date": "06/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '100 hotels (potentially over '
'1000 hotels globally)',
'industry': 'Hospitality',
'location': 'Global',
'name': 'FastBooking',
'type': 'Hotel Booking Software Provider'}],
'attack_vector': 'Malware',
'data_breach': {'type_of_data_compromised': 'Private information'},
'description': 'A security compromise gained by FastBooking, a provider of '
'hotel booking software, has impacted 100 hotels across the '
'globe. Experts estimate that over 1000 hotels globally may be '
'affected, with over 380 of those being in Japan alone. The '
'number of impacted users was not disclosed by the company. '
'The company swiftly emailed each affected hotel with '
'information on the event, including the number of guests who '
'were impacted. The attackers gained access to the FastBooking '
'system by taking advantage of a flaw in the online '
'application. Employees of the organisation found the breach '
'when they saw the malware on the server. The malware '
'functions as a backdoor, giving the attacker access to take '
'over the server and take private information.',
'impact': {'data_compromised': 'Private information',
'systems_affected': 'FastBooking system'},
'initial_access_broker': {'backdoors_established': 'Malware functioning as a '
'backdoor',
'entry_point': 'Flaw in the online application'},
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Flaw in the online application'},
'response': {'communication_strategy': 'Emailed each affected hotel with '
'information on the event'},
'title': 'FastBooking Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Flaw in the online application'}