Think you can relax after booking that luxury hotel? Think again. Pic: Pexels
Vietnam: Luxury hotel leaves customers’ credit card info unprotected
IF you, or anyone you know, recently booked themselves an exotic getaway at a particular luxury hotel chain in Vietnam, you might want to get a new credit card.
Last week, researchers at the MacKeeper Security Research Center found that the Silverland Hotel in Ho Chi Minh City had stored all their customers’ payment and personal data on an unsecured database.
The database, which had been left exposed for 62 days, included detailed credit card information (card type, number, name on card, expiration date, and CVV), guest details (name, age, gender, phone, email address), IP addresses, flight information, and special requests.
The researchers found 6,377 items on the database, which was publicly available and lacking in any form of security, including a password for access. Both the database and the Silverland Hotel’s website were hosted on the same IP address.
SEE ALSO: ASEAN countries should learn from the Philippines’ massive election data leak
It took the hotel two weeks after being informed of the database on August 12 to put a password on it. “The MacKeeper Security Research Center sent multiple emails, used the live chat feature on the website, and even spoke with the assistant of the hotel owner using the private phone number found on the domain registry,” wrote the researchers.
“The slow response left customers exposed as they continued to add additional credit card numbers to the database.” The researchers don’t know if the data was accessed by anyone else, or if the hotel even notified their customers of the leak.
Whoops! Hotel Left Thousand of Customer’s Credit Cards Online For All To See https://t.co/W10d9mCgtX #mackeeper pic.twitter.com/f4uMLMYlJ3
— MacKeeper (@MacKeeper) August 31, 2016
According to Motherboard, the database was hosted on MongoDB, an open source software that allows companies to create document-oriented databases. However, MongoDB itself is not insecure, but the companies who use it sometimes forget to set it up securely.
Silverland Hotels told Tech Wire Asia: “We’re working with Mackeeper to verify the information in their blog. Currently, our database system is secured and our website is still working.”
READ MORE
- It’s a brave new world: How generative AI becomes the game-changer in cybersecurity
- Custom development vs. COTS: Which is better for business growth?
- The dawn of a new era: NVIDIA’s trillion dollar agenda with generative AI and 5G
- Chinese state-sponsored cyber threats are becoming a global menace
- China’s Ant Group expands Alipay+ integrations in Thailand