Credit card details of millions of guests leaked in travel site data breach

If you’ve traveled since 2013, it might be time to check your bank accounts. Three of the web’s biggest travel sites leaked personal and financial data for millions of users, including payment card details.

As with many other data breaches, traveler information was stored in a database without any form of security or protection. The hackers who stumbled upon it could have stolen the data without anyone knowing. Tap or click here for details on another recent database leak.

Victims of the leak risk having their card numbers stolen. Scammers may also start targeting leaked email addresses with malware and phishing campaigns. Fortunately, there are some things you can do to protect yourself and your money.

Hotels.com, Booking.com and Expedia.com Suffer Data Leak of Over 10 Million Travelers

Prestige Software is a Spanish developer that has reservation software called Cloud Hospitality. It is designed to help automate hotel listings on websites such as Hotels.com and Expedia.com for online booking.

Recently, security Website Planet researchers found that Cloud Hospitality stored more than 10 million traveler information in an insecure database without password protection. Data includes payment information, addresses, names and identification numbers.

Reservation details were also exposed, including travel dates and hotel locations.

The information on display dates back to 2013, meaning there is almost a decade worth of travel information to grab onto the internet. The database had at least 180,000 records as of August 2020 alone.

Website Planet alerted Amazon Web Services, which hosted the database, to the security breach. AWS took it down a day later, but no one knows how long the database had been active or whether cybercriminals had access to it or not.

We’ll assume the data is already for sale in Dark Web marketplaces to be on the safe side.

Tap or click here to see how much your private data is selling for on the Dark Web.

Am I affected by the leak? What can I do to protect my information?

If you booked a trip or hotel stay through any of the following websites between 2013 and today, it’s time to take some security precautions to protect yourself and your data:

  • agoda
  • Amedee
  • Booking.com
  • Expedia
  • Hotels.com
  • hotel beds
  • Omnibees
  • Saber
  • Plus a few other small travel websites not mentioned in the Website Planet report

Since some of the leaked data includes email addresses and names, be on the lookout for spam and phishing messages arriving in your inbox. Beware of emails you receive and never click on links from senders you don’t know.

If you think you are at risk, your highest priority is to protect your cards and bank accounts. Call your bank, financial institution or card issuer and let them know that your card has been included in a data breach.

Your bank will now monitor your account for fraud. Make sure that the bank also issues you a new card and closes your current card so that it cannot be used.

You can also perform a credit freeze to prevent new accounts from being opened in your name. Tap or click here to see how to set up a credit freeze.

Next, verify your banking apps and set up security features like two-factor authentication to prevent fraudulent logins.

Tap or click here to see how to set up 2FA for your banks.

Finally, if you have upcoming travel plans booked through one of these websites, confirm your reservation with the hotel and notify the front desk staff that your account has been compromised.

If you don’t play it safe, cybercriminals may be able to alter your booking details and take a vacation at your expense. Don’t give them a chance.