Cloud-based hotel management platform Otelier hit by data breach

Otelier, a cloud-based hotel management platform serving over 10,000 hotels worldwide, has suffered a significant data breach involving its Amazon S3 cloud storage. The incident affected several major hotel chains, including Marriott, Hilton, and Hyatt.

The breach began in July 2024 and continued through October, resulting in the theft of approximately 7.8 terabytes of data from Otelier's Amazon S3 buckets. The intrusion started when threat actors obtained an employee's login credentials through information-stealing malware. They used those credentials to access Otelier's Atlassian server, where they found further credentials that granted access to the company's S3 buckets.

The scope of the compromised data is extensive: Troy Hunt of Have I Been Pwned confirmed a reservations table with 39 million rows and a users table with 212 million rows. After deduplication, approximately 1.3 million unique email addresses were identified in the stolen data. The exposed data includes:

  • Hotel guest names
  • Addresses
  • Phone numbers
  • Email addresses
  • Hotel reservations
  • Transaction records
  • Employee emails
  • Internal operational data
  • Nightly hotel reports
  • Shift audits
  • Accounting data

Marriott has suspended the automated services provided by Otelier pending completion of its investigation. Marriott has emphasized that its data was exposed through Otelier and that Marriott's own systems were not compromised. The attackers initially tried to extort Marriott, mistakenly believing the S3 buckets belonged to Marriott rather than Otelier, but they lost access in September when the credentials were rotated.
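The attack chain described above (a static AWS access key found on an internal wiki, then months of bulk reads from S3) and the credential rotation that finally cut off the attackers suggest two checks any AWS tenant can run: look for access keys pulling far more objects and bytes than their baseline from unfamiliar addresses, and find active keys that have not been rotated in a long time. The script below is an added illustration, not code from Otelier or from the original report. The CloudTrail S3 data events, the credential report rows, the access key IDs, the IP addresses and the thresholds are all constructed for the example.

```python
"""Spot bulk S3 reads by an access key, and active keys overdue for rotation.

Constructed example: the events and credential report below are made up to
resemble CloudTrail S3 data events and an IAM credential report; they are
not Otelier's logs.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone


def _event(ts, key_id, ip, bucket, obj, nbytes):
    """Build a minimal CloudTrail-style GetObject record (constructed)."""
    return {
        "eventTime": ts,
        "eventName": "GetObject",
        "userIdentity": {"type": "IAMUser", "accessKeyId": key_id},
        "sourceIPAddress": ip,
        "requestParameters": {"bucketName": bucket, "key": obj},
        "additionalEventData": {"bytesTransferredOut": nbytes},
    }


NORMAL_KEY = "AKIAEXAMPLENORMAL001"   # hypothetical key used by the app server
STOLEN_KEY = "AKIAEXAMPLESTOLEN002"   # hypothetical key lifted from the wiki
KNOWN_IPS = {"198.51.100.10"}         # assumed address of the legitimate server

# Five small nightly reports read by the normal key from the known address ...
SAMPLE_EVENTS = [
    _event("2024-07-14T02:00:01Z", NORMAL_KEY, "198.51.100.10",
           "reports", f"nightly/{i}.pdf", 200_000)
    for i in range(5)
]
# ... and 400 objects of ~50 MB each pulled by the stolen key from two
# addresses nobody recognises.
SAMPLE_EVENTS += [
    _event("2024-07-14T03:%02d:00Z" % (i % 60), STOLEN_KEY,
           "203.0.113.7" if i % 2 else "203.0.113.8",
           "reservations", f"export/part-{i:04d}.csv", 50_000_000)
    for i in range(400)
]


def summarize_reads(events):
    """Per access key: number of objects read, bytes out, set of source IPs."""
    stats = defaultdict(lambda: {"objects": 0, "bytes": 0, "ips": set()})
    for ev in events:
        if ev.get("eventName") != "GetObject":
            continue
        key_id = ev.get("userIdentity", {}).get("accessKeyId", "<none>")
        s = stats[key_id]
        s["objects"] += 1
        s["bytes"] += ev.get("additionalEventData", {}).get("bytesTransferredOut", 0)
        s["ips"].add(ev.get("sourceIPAddress"))
    return dict(stats)


def flag_bulk_readers(events, known_ips, max_objects=100, max_bytes=1 << 30):
    """Keys that exceed the object or byte baseline, or read from an address
    outside the expected set. The thresholds are assumptions for the example."""
    flagged = {}
    for key_id, s in summarize_reads(events).items():
        reasons = []
        if s["objects"] > max_objects:
            reasons.append(f"{s['objects']} objects")
        if s["bytes"] > max_bytes:
            reasons.append(f"{s['bytes'] / 2**30:.1f} GiB transferred")
        unknown = s["ips"] - known_ips
        if unknown:
            reasons.append("unexpected source " + ", ".join(sorted(unknown)))
        if reasons:
            flagged[key_id] = reasons
    return flagged


# Constructed subset of the columns an IAM credential report actually has.
CREDENTIAL_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
app-server,true,2024-08-01T09:00:00+00:00,false,N/A
report-exporter,true,2022-03-15T11:20:00+00:00,true,2021-11-02T08:00:00+00:00
<root_account>,false,N/A,false,N/A
"""
AS_OF = datetime(2024, 9, 1, tzinfo=timezone.utc)  # assumed "now" for the report


def stale_access_keys(report_csv, now=AS_OF, max_age_days=90):
    """Active keys older than max_age_days, as (user, key slot, age in days)."""
    stale = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            rotated = row[f"access_key_{slot}_last_rotated"]
            if row[f"access_key_{slot}_active"] != "true" or rotated == "N/A":
                continue
            age = (now - datetime.fromisoformat(rotated)).days
            if age > max_age_days:
                stale.append((row["user"], slot, age))
    return stale


if __name__ == "__main__":
    for key_id, reasons in flag_bulk_readers(SAMPLE_EVENTS, KNOWN_IPS).items():
        print(f"{key_id}: {'; '.join(reasons)}")
    for user, slot, age in stale_access_keys(CREDENTIAL_REPORT):
        print(f"{user}: access key {slot} is {age} days old, rotate it")
```

On a real account the events would come from a CloudTrail trail with S3 data events enabled (they are off by default) and the report from `aws iam generate-credential-report` / `get-credential-report`; the baseline numbers would be tuned per key rather than hard-coded.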

Otelier has disabled the compromised accounts, engaged cybersecurity experts for forensic analysis, and is communicating with affected customers.

Passwords and billing information do not appear to have been exposed, but the stolen personal and reservation details could be used to craft convincing targeted phishing attacks against guests and hotel staff.

Published by beyondmachines.net
