Serviceteam IT Security News

Researchers have discovered another unsecured Elasticsearch database, this time exposing data on thousands of travelers including US military and government employees.

The research team at vpnMentor discovered the online database hosted on AWS infrastructure, on September 13. It belonged to Autoclerk, a reservations management system now owned by hotel chain Best Western Hotels and Resorts Group.

The database contained over 179GB of data, often sourced from third party travel and hospitality platforms including OpenTravel, HAPI Cloud, and Synxis. Among these were hundreds of thousands of bookings and reservations, exposing personal details such as: full name, date of birth, home address, phone number, dates & costs of travel, and masked credit card details.

For ordinary travelers caught in leaks like this, there is the risk of follow-on phishing attacks and identify fraud attempts, as well as a chance that attackers could target their home while they are away.

However, there are even more concerning national security implications for the government personnel data exposed in the incident.

“One of the platforms exposed in the database was a contractor of the US government, military, and DHS. The contractor manages the travel arrangements of US government and military personnel, as well as independent contractors working with American defense and security agencies,” explained vpnMentor.

“The leak exposed the personally identifying information (PII) of personnel and their travel arrangements. Our team viewed logs for US army generals traveling to Moscow, Tel Aviv, and many more destinations. We also found their email address, phone numbers, and other sensitive personal data.”

The firm urged US government officials to urgently vet any third-party contractors to ensure they follow strict data security protocols when handling sensitive information of this kind.

The data in question was left exposed for nearly a month, until the database was closed on October 2.

Cloud database misconfigurations have become an Achilles’ heel for many organization, argued DivvyCloud CTO, Chris DeRamus.

“Companies must adopt robust security strategies that are appropriate and effective in the cloud, at the same time as adoption of cloud services — not weeks, months or years later,” he added.

“Automated cloud security solutions can detect misconfigurations such as an unprotected database in real time and trigger immediate remediation, so that Elasticsearch databases and other assets never have the opportunity to be exposed, even temporarily.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!