Best Western Hotel Chain Pwned
According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.
August 24, 2008
According to news reports that started to surface over the weekend, Best Western, one of the world's largest hotel chains -- if not the largest -- is investigating a breach that purportedly has placed millions of its guests' data at-risk, and in the hands of Russian mobsters.According to this news report in the U.K.'s Telegraph, Best Western GB is currently investigating how its IT systems where breached: "Best Western has confirmed an investigation is under way into how the chain's computer defenses were breached on Thursday night.
Details of how to access the information -- which included home addresses, place of employment and credit card details -- were sold through an underground network operated by the Russian mafia.
The attack scooped up the personal details of guests who stayed at Best Western hotels during the past year, potentially eight million people.
"
The rest of the details read like a traditional attack. It appears that (and details are always foggy at this point in these types of stories) an attacker was able to plant a Trojan on one of the company's reservation systems. That Trojan then sniffed the username/passwords of users -- which were then allegedly sold to organized crime.
This news report does have a rather optimistic quote from a Best Western spokesman:
"Tim Wade, head of marketing for Best Western GB, said it was "unlikely" that whoever was responsible got hold of the details of "every booking at every hotel" in Europe because of the way their system worked."
Now, that's sort of good news. Isn't it?
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024