One terabyte of data belonging to a major hotel booking platform was found leaked online.
A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations. The personally identifiable information of children was included in several of the records.
“Our team was able to access this server because it was completely unsecured and unencrypted,” announced VPN review website vpnMentor in a blog article describing their findings.
“The contents of the database could also help hackers and cybercriminals target the same companies in other ways. Using the information and accesses exposed, they could create effective phishing campaigns, or target companies with various forms of malicious software attacks: malware, spyware, ransomware, and more,” the article continued.
The leaked data also included information from affiliated platforms, including Booking.com and Hotelbeds.com.
Gekko Group is a worldwide B2B hotel booking platform that serves over 600,000 hotels worldwide. It is owned by Accor Hotels, the largest hospitality company in Europe. Because the Gekko Group is based in France, the company is subject to fines under the EU General Data Protection Regulation, or GDPR.