Exposed database revealed security details for large hotel chains

Marriott and others were affected.

Yet another unprotected database could pose a security risk -- this time if you're a traveler. VPNMentor researchers have discovered an exposed database that contained security audit logs for hotels run by the Pyramid Hotel Group, including numerous locations attached to major chains. Affected chains included Marriott's Aloft Hotels in Florida, Tarrytown House Estate in New York and multiple Irish hotels (such as Temple Bar), and might include more -- Pyramid operates hotels on behalf of Sheraton, Westin and others.

The data comes from a common source. Pyramid has been relying on Wazuh, an open-source intrusion detection system, and sending data from that software to an unguarded server. The data dated back to April 19th and mostly focused on connection info like server logins, internet addresses and firewall data, but it also included the full names of hotel staff and security policy details.

Pyramid locked down the database roughly two days after VPNMentor brought it to the company's attention.

It's not certain if anyone accessed the database without permission, but the security risks were clear. It effectively served as a guide for potential intruders. If they acted quickly enough, they could have taken advantage of clearly identified gaps in the hotels' defenses, not to mention compromised workers' accounts. The discovery also shows that an unsecured database doesn't need to directly store customer info to pose a clear threat to those customers.