Otelier, a cloud-based hotel management platform, has exposed sensitive information from millions of hotel guests. The breach, affecting well-known brands like Marriott, Hilton, and Hyatt, involved the theft of 7.8 terabytes of data from its Amazon S3 cloud storage. Threat actors had unauthorized access to the storage buckets between July and October 2024, exposing personal information including guest reservations, contact details, and internal hotel documents.
The attackers reportedly breached Otelier’s systems using credentials stolen through malware targeting an employee. These credentials allowed access to other systems, ultimately leading to the compromise of Amazon cloud accounts.
Otelier has since confirmed the breach, terminated unauthorized access, and engaged cybersecurity experts to prevent future incidents. While no billing information or passwords were compromised, experts warn of the risks of phishing attacks targeting affected individuals.
Why It Matters: This breach compromises sensitive data from global hotel chains and highlights the critical risks posed by third-party service providers in today’s interconnected digital landscape. Millions of hotel guests are now at risk of phishing campaigns and identity theft due to exposed personal information. The incident shows the urgent need for businesses to strengthen their cybersecurity practices to guard against scams and fraud.
- Details of the Breach: Threat actors accessed Otelier’s Amazon S3 cloud storage via stolen credentials, reportedly downloading 7.8 terabytes of data, including hotel guest reservations, financial records, and employee emails.
- Impact on Major Hotel Chains: Marriott, Hilton, and Hyatt are among the brands affected, with Marriott suspending automated services from Otelier pending investigation. Samples of stolen data indicate the exposure of guest names, addresses, phone numbers, and emails.
- How the Attack Happened: Attackers initially breached Otelier’s Atlassian server using credentials obtained through infostealer malware. This access allowed them to scrape further credentials for cloud storage accounts.
- Mitigation Steps by Otelier: Otelier confirmed the breach and has since terminated unauthorized access, disabled affected accounts, and enlisted cybersecurity experts for forensic analysis and enhanced security measures.
- Phishing Risks and Data Exposure: Although no passwords or payment details were stolen, exposed personal information increases the likelihood of targeted phishing campaigns. Platforms like Have I Been Pwned are cataloging the exposed data to help individuals check if their information was compromised.
Go Deeper -> Otelier data breach exposes info, hotel reservations of millions – BleepingComputer
Data on Half a Million Hotel Guests Exposed After Otelier Breach – Infosecurity Magazine