Misconfigured database belonging to Amadeus exposed information of 15 million passengers

cyber
  • The database contained information on 36 million booked flights, 15 million passengers, over one million hotel bookings, and 700,000 visa applications.
  • Information on international travel plans of high-ranking Israeli diplomats including Israeli Prime Minister Benjamin Netanyahu has been exposed.

What is the issue?

A misconfigured database belonging to Amadeus’ Alp.co.il, which is used as a booking service for several Israeli travel companies including Inbal, was left open to the public.

What was exposed?

The database contained information on 36 million booked flights, 15 million passengers, over one million hotel bookings, and 700,000 visa applications.

Information on international travel plans of high-ranking Israeli diplomats including Israeli Prime Minister Benjamin Netanyahu has been exposed.

The big picture

An anonymous person who identified himself as a hacker contacted Calcalist and notified about the leaky database. Upon which, Calcalist investigated about the database and notified the Israeli National Cyber Directorate of the data leak.

A spokesperson for Amadeus’ Israeli subsidiary said that the company identified a failure in the security definitions of its database used by Israeli travel agents on May 20, 2019, which allowed unauthorized access to data.

However, the travel company’s security team has addressed the issue immediately and the problem has been fixed.

Source: https://cyware.com/news/misconfigured-database-belonging-to-amadeus-exposed-information-of-15-million-passengers-20a73c99

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Next Post

Hackers are scanning for MySQL servers to deploy GandCrab ransomware

At least one Chinese hacking crew is currently scanning the internet for Windows servers that are running MySQL databases so they can infect these systems with the GandCrab ransomware. These attacks are somewhat unique, as cyber-security firms have not seen any threat actor until now that has attacked MySQL servers […]