Millions of hotel users see personal info checked out in huge data leak
Share:
Over 24 million records discovered online by researchers. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. A leaked dataset which contained over 24 million hotel records has been discovered by CyberNews researchers, which included names, emails, phone numbers, and detailed stay information like arrival time, number of guests, and price paid.
![[Ellen Jennings-Trace]](https://vanilla.futurecdn.net/cyclingnews/media/img/missing-image.svg)
There are strong indications that the dataset belongs to Honotel Group, a French hospitality investment and management firm. The data specifically mentions ‘SITE HONOTEL’, researchers confirmed, as well as booking platforms such as Booking.com - suggesting the leaked database might be part of Honotel’s booking management system.
Researchers discovered the suspected Honotel leak on October 4, 2024, and the leak was closed by October 7 2024, so the organization at least acted quickly once the disclosure notice had been sent. It’s not clear how long the data was available, or if threat actors discovered or stole anything, but the information was discovered on an unprotected Elasticsearch server and Kibana interface.
This puts both the customer and the company at risk. For the customer, the risk when Personally Identifiable Information (PII) is compromised is the risk of fraud and identity theft, as malicious actors can use the data to take out loans, bank accounts, or even to develop social engineering attacks against the victims.
