Latest in Gear

Image credit: Jeffrey Greenberg/UIG via Getty Images

Exposed database revealed security details for large hotel chains

Marriott and others were affected.
220 Shares
Share
Tweet
Share
Save

Sponsored Links

Jeffrey Greenberg/UIG via Getty Images

Yet another unprotected database could pose a security risk -- this time if you're a traveler. VPNMentor researchers have discovered an exposed database that contained security audit logs for hotels run by the Pyramid Hotel Group, including numerous locations attached to major chains. Affected chains included Marriott's Aloft Hotels in Florida, Tarrytown House Estate in New York and multiple Irish hotels (such as Temple Bar), and might include more -- Pyramid operates hotels on behalf of Sheraton, Westin and others.

The data comes from a common source. Pyramid has been relying on Wazuh, an open source intrusion detection system, and sending data from that software to an unguarded server. It included info dating back to April 19th and mostly focuses on connection info like server logins, internet addresses and firewall data, but it also includes the full names of hotel staff and security policy details.

Pyramid locked down the database roughly two days after VPNMentor brought it to the company's attention.

It's not certain if anyone accessed the database without permission, but the security risks were clear. It effectively served as a guide for potential intruders. If they acted quickly enough, they could have taken advantage of clearly identified gaps in the hotels' defenses, not to mention compromised workers accounts. The discovery also shows that an unsecure database doesn't need to directly store customer info to pose a clear threat to those customers.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
220 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
First 'Borderlands 3' event is the Halloween-themed Bloody Harvest

First 'Borderlands 3' event is the Halloween-themed Bloody Harvest

View
Tech industry sets official standard for 8K TVs

Tech industry sets official standard for 8K TVs

View
'Bandersnatch,' 'Fleabag,' and 'Ozark' lead streaming Emmy winners

'Bandersnatch,' 'Fleabag,' and 'Ozark' lead streaming Emmy winners

View
IKEA will produce more energy than it consumes by 2020

IKEA will produce more energy than it consumes by 2020

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr