Prestige Software has suffered from a data leak due to a misconfigured Amazon Web Services S3 bucket left open to the public for several years. Prestige’s services are used by hotels around the world to integrate their reservation systems with other online booking services such as Expedia and Booking.com. In total, the platform has exposed 10 million customer files, including 180,000 from August 2020 alone. The records include personally identifiable data and credit card details, putting customers at risk of identity theft, credit card fraud, vacation stealing, and scams.
Website Planet reports that the incident has affected 24.4 GB worth of customer data in total. Some records date back to 2013, however, the bucket was still in use when it was discovered earlier this month. Details exposed include card numbers, cardholder names, CVVs, expiration dates, reservation details, phone numbers, email addresses, national ID numbers, and dates of stay. This trove of information could be incredibly valuable to a threat actor seeking to make money on the dark web or conduct their own espionage, and it is important that those affected by the massive data leak contact their bankers.