EXCLUSIVE: Best Western Pwned, new facts emerging
by Davey Winder
Wednesday, 27 August 2008
Page 3 of 3

I can confirm that the screenshots that Iain showed to me
of the reservation database administration interface, apparently for
all European bookings, show a search facility with a date
range of 14th August 2007 through to 21st August 2008.
If all the data is purged immediately after a guest departs the hotel, why does the transaction log have a search facility which goes back a full year?

One thing about which there can be no doubt at all is that Best Western has suffered a serious breach of its security. I have seen screenshots showing not only guest names and addresses, but also frequent guest account information and full credit card data.

Interestingly, Iain recounts how he asked his hacker contact what security was being used by Best Western, to which he replied that if you knew that, it would make this type of hack a lot easier. Iain, being an investigative journalist, did what he does best and investigated. In fact, he called Best Western head office and asked to speak to the IT department. Amazingly, he tells me he was put through. Even more amazingly, having explained to them he was a Best Western customer worried about being hacked, he asked what Internet security solution the hotel used. They told him. I will refrain from repeating it here, but the very fact that it was this easy to get such sensitive information as this suggests to me that there are serious security best practice problems within the Best Western organisation.

A Best Western spokesman has stated that "Best Western would like to assure our customers, member hotels and business partners that we have no evidence to suggest that there is need for widespread concern." The very fact that a breach has occurred, even if it does turn out to have involved 'only' 13 people, and the ease with which a reporter could get information about its security systems, suggest otherwise.




