Prestige Software

Over 10 million files were discovered in a Prestige Software database that is publicly available online.

Security experts found that the Spanish software company neglected to password-protect an AWS S3 bucket that contained 2013-era hotel customers' personal information.

The organization's Cloud Hospitality platform, which hotels use to manage online reservations on websites like Expedia, Booking.com, and Hotels.com, is where the information was exposed.

A total of 24.4 GB of data, including the full names, email addresses, phone numbers, and credit card information of the guests, was disclosed.

Source: https://www.itgovernance.co.uk/blog/millions-of-expedia-and-booking-com-customers-at-risk-after-data-breach

TPRM report: https://scoringcyber.rankiteo.com/company/prestige-software-s.l.

"id": "pre23912623",
"linkid": "prestige-software-s.l.",
"type": "Data Leak",
"date": "11/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Hospitality',
                        'location': 'Spain',
                        'name': 'Prestige Software',
                        'type': 'Software Company'}],
 'attack_vector': 'Unsecured AWS S3 Bucket',
 'data_breach': {'number_of_records_exposed': 'Over 10 million files',
                 'personally_identifiable_information': ['Full Names',
                                                         'Email Addresses',
                                                         'Phone Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full Names',
                                              'Email Addresses',
                                              'Phone Numbers',
                                              'Credit Card Information']},
 'description': 'Over 10 million files were discovered in a Prestige Software '
                'database that is publicly available online. Security experts '
                'found that the Spanish software company neglected to '
                'password-protect an AWS S3 bucket that contained 2013-era '
                "hotel customers' personal information. The organization's "
                'Cloud Hospitality platform, which hotels use to manage online '
                'reservations on websites like Expedia, Booking.com, and '
                'Hotels.com, is where the information was exposed. A total of '
                '24.4 GB of data, including the full names, email addresses, '
                'phone numbers, and credit card information of the guests, was '
                'disclosed.',
 'impact': {'data_compromised': 'Personal Information, Credit Card Information',
            'systems_affected': 'AWS S3 Bucket'},
 'post_incident_analysis': {'root_causes': 'Lack of Password Protection on AWS '
                                           'S3 Bucket'},
 'title': 'Prestige Software Data Exposure',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of Password Protection'}

Prestige Software

Lazarus Naturals

Estes Forwarding Worldwide

Synnovis