Bottom Line Up Front: Personal data from several hotel reservation websites has been compromised. The sites include, but are not limited to, Amadeus, Booking.com, Expedia, Hotels.com, Hotelbeds, Omnibees, and Sabre. Compromised data includes: full names, email addresses, national ID numbers, phone numbers of hotel guests, card numbers, cardholder names, CVVs and expiration dates, and reservation details, such as the total cost of hotel reservations, reservation number, dates of a stay, special requests made by guests, number of people, guest names and more.
Details: It was discovered, by a third party, that the platform that services many hotel reservation sites around the world had misconfigured a storage server. This misconfiguration allowed for over 10 million records to be accessible to anyone who could find them. It is unknown if the records were accessed by anyone, but the fact that they were readily available removes any sense of security. Victims of the data exposure could become targets for phishing attacks, identity theft, and other forms of attack.
The storage server has since been secured, but if you have accounts or reservations with the listed companies, it may be wise to invest in identity protection, look into changing your hotel reservations and personal information on the sites, and be more vigilant about emails, texts, and calls from unknown senders!