Otelier data breach exposes info, hotel reservations of millions
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt.
Hasnain says:
Another example of why security is so hard to get right.
“The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years.
When BleepingComputer asked Otelier to confirm this information, a company representative said they could not share any further comments on the incident. However, BleepingComputer found on the Flare threat intelligence platform Otelier employee information that had been stolen by infostealer malware.
The threat actors say they used these credentials to scrape tickets and other data, which contained further credentials to the company's S3 buckets.
Using this access, the hackers claimed to have downloaded 7.8TB of data from the company's Amazon cloud storage, including millions of documents belonging to Marriott that were in S3 buckets managed by Otelier. These documents include nightly hotel reports, shift audits, and accounting data.”
Posted on 2025-01-19T01:42:40+0000