EXCLUSIVE: Best Western Pwned, new facts emerging
by Davey Winder   
Wednesday, 27 August 2008
I can confirm that the screenshots that Iain showed to me of the reservation database administration interface, apparently for all European bookings, show a search facility with a date range of 14th August 2007 through to 21st August 2008.

Although the screenshot does only show a handful of transactions covering a period of the 18th to 21st August 2008, it does prompt important question number two:

If all the data is purged immediately after a guest departs the hotel, why does the transaction log have a search facility which goes back a full year?

One thing about which there can be no doubt at all is that Best Western has suffered a serious breach of its security. I have seen screenshots showing not only guest names and addresses, but also frequent guest account information and full credit card data.

Interestingly, Iain recounts how he asked his hacker contact what security was being used by Best Western, to which he replied that if you knew that, it would make this type of hack a lot easier.

Iain, being an investigative journalist, did what he does best and investigated. In fact he called Best Western head office and asked to speak to the IT department. Amazingly, he tells me he was put through.

Even more amazingly, having explained to them he was a Best Western customer worried about being hacked, he asked what Internet security solution the hotel used. They told him.

I will refrain from repeating it here, but the very fact that it was this easy to get such sensitive information as this suggests to me that there are serious security best practice problems within the Best Western organisation.

A Best Western spokesman has stated that "Best Western would like to assure our customers, member hotels and business partners that we have no evidence to suggest that there is need for widespread concern."

The very fact that a breach has occurred, even if it does turn out to have involved 'only' 13 people, and the ease with which a reporter could get information about its security systems, suggest otherwise.
