A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel.
Autoclerk, which was acquired by the Best Western Hotel and Resorts Group in August, provides reservation management software for hotels, accommodation providers, travel agencies and more. Researchers with vpnMentor on Monday said that they discovered an Elasticsearch database, owned by Autoclerk, exposed online that contained over 100,000 booking reservations for travelers.
“The database was hosted by Amazon Web Servers in the USA, containing over 179GB of data,” Noam Rotem and Ran Locar, researchers with vpnMentor, said in a Monday post. “Much of the data exposed originated from external travel and hospitality platforms using the database owner’s platform to interact with one another. The client platforms affected include property management systems (PMS), booking engines, and data services within the tourism and hospitality industries.”