

Your humble blogwatcher curated these bloggy bits for your entertainment. In today’s SB Blogwatch, we déjà vu anew. So terrorists could have tracked the movements of strategic staff. “Hundreds of thousands” of hotel guest records containing sensitive personal data, all available on the internet with no authentication or encryption. And, to make it worse, Autoclerk was also used for U.S. The latest huge unsecured cloud storage find is in Autoclerk, a service owned by Best Western.
ZDNet has reached out to US-CERT and affected parties and will update when we hear back. The national security implications for the US government and military are wide-ranging and serious." This gives invaluable insight into the operations and activities of the US government and military personnel.

"Significant amounts of sensitive employee and military personnel data could now be in the public domain. "The greatest risk posed by this leak is to the US government and military," the team says. Access to the database was revoked on October 2. VpnMentor then reached out to the US Embassy in Tel Aviv, and seven days later, the team contacted a representative of the Pentagon who promised swift action. The United States Computer Emergency Readiness Team (CERT) was informed of the leak on September 13 but did not respond to the researcher's findings. In total, the database - hosted by AWS - contained over 179GB of data. At the time of writing it has not been possible to track the overall owner of the database due to the "number of external origin points and sheer size of the data exposed," the team says. Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries. Autoclerk facilitates communication between different hospitality platforms, and it appears that a substantial portion of the data originated from external platforms.

VpnMentor was able to view records relating to the travel arrangements of government and military personnel - both past and future - who are connected to the US government, military, and Department of Homeland Security (DHS). It appears that one of the platforms connected to Autoclerk exposed in the breach is a contractor of the US government that deals with travel arrangements. What is more uncommon, however, is that the US government and military figures have also been involved in this security incident. Data breaches are a common occurrence and can end up compromising information belonging to thousands or millions of us in single cases of a successful cyberattack.
Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. The team says that "thousands" of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers.
