Choice Hotels data breach: 700k data records lost to hackers

Hackers steal 700k data records from unsecured database

Leading US hotel group Choice Hotels suffered a major breach of customer records after unnamed hackers gained access to an unsecured MongoDB database that was being used by a third-party vendor to store and process personal information of its guests.

The unsecured MongoDB database was discovered on 2nd July by security researcher Bob Diachenko, who promptly informed Choice Hotels about the exposure, but it appears that by then a group of malicious hackers had already gained access to the server.

Hackers demanded ransom from Choice Hotels following data heist

The hacker group has apparently demanded 0.4 Bitcoin (£3327.24) in ransom from Choice Hotels in exchange for returning up to 700,000 personal data records stolen from the unsecured database. Even though the database stored up to 5.6 million records, Choice Hotels told Comparitech that only 700,000 of those records belonged to actual people while the rest was test data.

The hotel group added that the unsecured MongoDB database was being used by a third-party vendor "as part of a proposal to provide a tool" and that the hotel's own servers were completely secure. Personal data stored in the compromised server included guest names, addresses, email addresses, and/or phone numbers.

"We have discussed this matter with the vendor and will not be working with them in the future. We are evaluating other vendor relationships and working to put additional controls in place to prevent any future occurrences of this nature," it said.

The unsecured MongoDB database was first indexed by the BinaryEdge search engine on 28th June, was discovered by Bob Diachenko on 2nd July, and was secured by the hotel group on the same day. Even though the database was accessible for only four days, it was enough for malicious actors to steal valuable personal information from it.

Organisations must adopt machine learning to remediate threats

"This breach is a great example of the significant - and often underestimated - security risk that third-party vendors present," said Saryu Nayyar, CEO of Gurucul. "The actions of any person or entity who can access your most critical systems and applications should be monitored.

"That can be done with modern machine learning algorithms that compare current behaviour of all users, including third parties, to baselined “normal” behaviour. By doing so, organisations can identify anomalous trends and spot outliers to remediate threats," she added.

According to Justin Fox, Director of DevOps Engineering at NuData Security, organisations must focus on storing data points securely - by making use of cryptographically secured formats like a SHA256 or SHA512 hash of the information. If an organisation successfully hashes the data point with salt and encrypts the resulting data, the stolen data becomes significantly less valuable to the attacker.

Copyright Lyonsdown Limited 2021
