Best Western has confirmed an investigation is under way into how the chain's computer defenses were breached on Thursday night.
Details of how to access the information -- which included home addresses, place of employment and credit card details -- were sold through an underground network operated by the Russian mafia.
The attack scooped up the personal details of guests who stayed at Best Western hotels during the past year, potentially eight million people.
The rest of the details read like a traditional attack. It appears that (and details are always foggy at this point in these types of stories) an attacker was able to plant a Trojan on one of the company's reservation systems. That Trojan then sniffed the username/passwords of users -- which were then allegedly sold to organized crime.
This news report does have a rather optimistic quote from a Best Western spokesman:
Tim Wade, head of marketing for Best Western GB, said it was "unlikely" that whoever was responsible got hold of the details of "every booking at every hotel" in Europe because of the way their system worked.
Now, that's sort of good news. Isn't it?