Vacation Canceled? Massive Data Breach at Travel Site VoyageSecure!
A Bitter End to Vacation Season: Data of Millions of Tourists For Sale
The popular hotel and flight booking platform, VoyageSecure, has just confirmed that it has fallen victim to a massive data breach. Information concerning over 15 million customers from around the world is already available on a well-known darknet forum. If you have ever used their services, this news should set off alarm bells.
What Was Leaked and How Did It Happen?
According to preliminary findings, the attackers gained access to a database stored in a public cloud. The reason? A mundane and unfortunately still common one – a misconfiguration of access permissions, which left the digital door wide open.
A substantial package of data fell into the criminals' hands:
- Full names of customers.
- Email addresses and phone numbers.
- Booking history, including dates and locations of stays.
- Hashed passwords for accounts on the service.
- Partial payment card data (the last 4 digits).
The company emphasizes that full payment card numbers are secure, but the stolen information is a ready-made database for conducting sophisticated phishing attacks. Criminals, knowing your travel plans, can send very credible fake messages about "booking issues" to phish for your complete data.
What to Do? How to Proceed?
VoyageSecure has initiated a mass password reset process and promises free credit monitoring for affected customers in markets where it is available. Regardless, we recommend:
- Change your VoyageSecure password immediately. If you used it anywhere else, change it there too!
- Enable two-factor authentication (2FA) wherever possible.
- Be extremely cautious of emails and SMS messages allegedly from VoyageSecure. Do not click on links or provide any data.
This incident is another painful reminder that in today's world, our data is a valuable currency. And the companies we entrust it to do not always treat its security with the necessary diligence.
A similar breach recently affected a Spanish e-learning platform where data of 6 million users was stolen. Implementing ISO 27001 helps companies systematically manage information security and prevent such incidents.
Sources: VoyageSecure Statement, The Cyber Record
About the Author
Dyrektor ds. Technologii w SecurHub.pl
Doktorant z zakresu neuronauki poznawczej. Psycholog i ekspert IT specjalizujący się w cyberbezpieczeństwie.
Powiązane artykuły
Gigantyczny wyciek danych z platformy E-learningowej w Hiszpanii: 6 milionów użytkowników zagrożonych
Hiszpańska platforma e-learningowa padła ofiarą potężnego ataku, w wyniku którego skradziono dane ponad 6 milionów użytkowników. Informacje trafiły na sprzedaż na forum dla hakerów.
Kupujesz mieszkanie, a tracisz tożsamość? Czego uczy nas wyciek danych z Dom Development
Głośny cyberatak na jednego z największych polskich deweloperów to coś więcej niż kolejny wyciek. To historia o tym, jak dane całej Twojej rodziny, od numeru PESEL po pensję, mogły trafić w niepowołane ręce. Analizujemy, co to oznacza i jak się chronić.
Globalna Awaria AWS: Jak Jeden Region Wyłączył Pół Internetu
Globalna awaria AWS, z epicentrum w US-EAST-1, sparaliżowała dziś tysiące usług. Od Slacka i Zooma po Fortnite i banki – internet wziął przymusowe wolne. Winny: DNS.
Komentarze
Ładowanie komentarzy...