CATEGORIES
home News

Major Hotel Management Company Leaks 85GB Of Security Log Data

by Shane McGlaunThursday, May 30, 2019, 03:45 PM EDT

Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world.

mariott hotel lobby

The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The unprotected database was discovered by VPNMentor researchers that uncovered the exposed security logs while using port scanners to map areas of the internet.

Pyramid manages hotel locations around the world, including locations in the U.S., Hawaii, the Caribbean, Ireland, and the UK. Properties under its management umbrella include 19 Marriott locations, Sheraton hotels, Plaza resorts, and Hilton Hotels along with lots of independent hotels. The researchers say that the unsecured server has an Elastisearch database instance in Port 9200 and allowed unrestricted access to security audit logs generated by Wazuh, an open source intrusion detection system.

Data was found relating to 96 different hotel properties and various array of sensitive data that belongs to the multiple hotel systems. The researchers say that from what they could see, the data would allow a hacker to understand the naming convention used by the organizations and the various domains and domain control. The information that was leaked went back to April 19, 2019.

Data included in the leak also features firewall and open port data, malware alerts, API keys and passwords, device names, IP addresses, and firewall data. Data belonging to hotel employees complete with full names and usernames, local PC names and addresses (among other identifiable information). The irony here is that the data being exposed is meant to help protect the computer systems, yet the unsecured logs are revealing the exact sort of data a nefarious actor might need to gain access.

Tags:  security, data breach, Hack, cybersecurity
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment