Resort administration platform Otelier suffered a data breach after risk actors breached its Amazon S3 cloud storage to steal tens of millions of company’ private info and reservations for well-known resort manufacturers like Marriott, Hilton, and Hyatt.
The breach first allegedly occurred in July 2024, with continued entry via October, with the risk actors claiming to have stolen amost eight terabytes of information from Otelier’s Amazon AWS S3 buckets.
In an announcement to BleepingComputer, Otelier confirmed the compromise and mentioned it’s speaking with impacted clients.
“Our prime precedence is to safeguard our clients whereas enhancing the security of our techniques to forestall future points,” Otelier informed BleepingComputer.
“Otelier has been in communications with its clients whose info was doubtlessly concerned. In response to this incident, we employed a staff of main cybersecurity consultants to carry out a complete forensic evaluation and validate our techniques.”
“The investigation decided that the unauthorized entry was terminated. To be able to assist stop an analogous incident from occurring sooner or later, Otelier disabled the concerned accounts and continues to work to boost its cybersecurity protocols.”
Otelier, beforehand often known as MyDigitalOffice, is a cloud-based resort administration resolution utilized by over 10,000 resorts worldwide to handle reservations, transactions, nightly reviews, and invoicing.
The corporate is or has been utilized by many well-known resort manufacturers, together with Marriott, Hilton, and Hyatt, whose information is current within the stolen info.
Breached via stolen credentials
The risk actors behind the Otelier breach informed BleepingComputer that they initially hacked the corporate’s Atlassian server utilizing an worker’s login. These credentials had been stolen via information-stealing malware, which has turn out to be the bane of company networks over the previous few years.
When BleepingComputer requested Otelier to substantiate this info, an organization consultant mentioned they might not share any additional feedback on the incident. Nevertheless, BleepingComputer discovered on the Flare risk intelligence platform Otelier worker info that had been stolen by infostealer malware.
The risk actors say they used these credentials to scrape tickets and different information, which contained additional credentials to the corporate’s S3 buckets.
Utilizing this entry, the hackers claimed to have downloaded 7.8TB of information from the corporate’s Amazon cloud storage, together with tens of millions of paperwork belonging to Marriott that had been in S3 buckets managed by Otelier. These paperwork embrace nightly resort reviews, shift audits, and accounting information.
Marriott has confirmed to BleepingComputer that Otelier’s cyberattack has impacted them and suspended automated companies whereas Otelier completes its investigation. The corporate stresses that none of its techniques had been breached on this assault.
“As soon as we had been made conscious of this incident involving Otelier, we instantly contacted the seller, which works with quite a few resort firms, and confirmed that they had been working with cyber security consultants to research a security incident that impacted their techniques,” a Marriott spokesperson informed BleepingComputer.
“Marriott has additionally taken acceptable precautions, together with suspending the automated companies offered by Otelier till the completion of their investigation, and people companies stay suspended.”
The risk actor says they tried to extort Marriott, considering the S3 buckets belonged to them, and left ransom notes requesting fee in cryptocurrency to not leak the info. Nevertheless, no communication was made, and so they mentioned they misplaced entry in September after credentials had been rotated.
Whereas Marriott informed BleepingComputer that there are not any indications that delicate info was stolen within the breach, samples of the stolen information shared with BleepingComputer and Have I Been Pwned’s Troy Hunt comprise resort company’ private info.
The small samples seen by BleepingComputer embrace a broad vary of information, together with resort visitor reservations, transactions, worker emails, and different inner information.
A few of the private info uncovered contains resort company’ names, addresses, cellphone numbers, and e-mail addresses.
The stolen information additionally contains info and e-mail addresses associated to Hyatt, Hilton, and Wyndham. BleepingComputer contacted Hyatt and Hilton concerning the breach however didn’t obtain a response.
Troy Hunt informed BleepingComputer that he acquired an intensive set of information, with the reservations desk containing 39 million rows and a customers desk with 212 million.
Hunt says that regardless of the massive set, he discovered 1.3 million distinctive e-mail addresses, as many are repeated.
The uncovered private info is being added to Have I Been Pwned, permitting anybody to verify if their e-mail deal with is within the uncovered information. Hunt eliminated e-mail addresses generated by Reserving.com and Expedia.com throughout reservations, leaving a complete of 437,000 distinctive e-mail addresses impacted by the breach.
The excellent news is that passwords and billing info don’t seem to have been stolen within the assault, however risk actors might nonetheless use this info in focused phishing assaults.
Subsequently, you ought to be looking out for suspicious emails impersonating resort manufacturers impacted by this breach.
Replace 1/19/24: Added extra details about it being added to Have I Been Pwned.
