Latest in Gear

Image credit:

Exposed database revealed security details for large hotel chains

Marriott and others were affected.
Jon Fingas, @jonfingas
June 2, 2019
Share
Tweet
Share

Sponsored Links

Jeffrey Greenberg/UIG via Getty Images

Yet another unprotected database could pose a security risk -- this time if you're a traveler. VPNMentor researchers have discovered an exposed database that contained security audit logs for hotels run by the Pyramid Hotel Group, including numerous locations attached to major chains. Affected chains included Marriott's Aloft Hotels in Florida, Tarrytown House Estate in New York and multiple Irish hotels (such as Temple Bar), and might include more -- Pyramid operates hotels on behalf of Sheraton, Westin and others.

The data comes from a common source. Pyramid has been relying on Wazuh, an open source intrusion detection system, and sending data from that software to an unguarded server. It included info dating back to April 19th and mostly focuses on connection info like server logins, internet addresses and firewall data, but it also includes the full names of hotel staff and security policy details.

Pyramid locked down the database roughly two days after VPNMentor brought it to the company's attention.

It's not certain if anyone accessed the database without permission, but the security risks were clear. It effectively served as a guide for potential intruders. If they acted quickly enough, they could have taken advantage of clearly identified gaps in the hotels' defenses, not to mention compromised workers accounts. The discovery also shows that an unsecure database doesn't need to directly store customer info to pose a clear threat to those customers.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Put Bernie Sanders almost anywhere with this Google Street View app

Put Bernie Sanders almost anywhere with this Google Street View app

View
Tesla accuses engineer of stealing crucial company software

Tesla accuses engineer of stealing crucial company software

View
Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

View
Apple's Magic Keyboard for iPad drops to $199 at Amazon

Apple's Magic Keyboard for iPad drops to $199 at Amazon

View
Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr