Cybernews reports that Indian hospitality guest management platform provider Quoality had the data of more than one million hotel guests leaked as a result of an Elastic cluster misconfiguration.
Information exposed by the inadequately secured cluster were individuals' addresses, phone numbers, nationalities, pickup times and dates, modes of transportation, booking data, and credit card details, including CVV numbers and expiration dates, according to Cybernews researchers, who identified and reported the compromise.
While the exposed data has since been secured, such an incident was regarded by researchers to be indicative of Quoality's cybersecurity lapses, which have placed significant identity theft and financial risk to hotel guests.
"The leak shows that the company completely failed to meet industry standards such as PCI-DSS for storing sensitive payment information. Such a failure to meet secure payment information storage requirements can result in sizable fines from credit card companies and regulatory bodies," said Cybernews security researcher Aras Nazarovas.
