A cybersecurity research team at vpnMentor has discovered that The Pyramid Hotel Group, which manages Marriott and other hotel brands, suffered a data leak exposing vulnerabilities that criminals could potentially use, the company said in a report.
The researchers, Noam Rotem and Ran Locar, found a breach that exposed 85.4GB of security audit logs. Inside, they found the personally identifiable information (PII) of employees, dating as far back as April 19 of this year. On that date, the system may have undergone a reconfiguration or some maintenance that may have opened up the server to public viewing.
The viewable information includes alerts, system errors, policy violations and other cybersecurity events. It also contains server names and operating system details, information on cybersecurity policies, employees’ full names and usernames and other sensitive data.
Those affected include the Temple Bar Hotel in Ireland, Aloft Hotels in Florida, Carton House Luxury Hotel in Ireland, Tarrytown House Estate in New York and other Pyramid Hotel Group properties.
This information is dangerous because it could give hackers access to the hotels’ networks, enabling them to plan and execute a specific attack based on that information.
“In the worst-case scenario, this leak has the potential to put not only systems at risk, but the physical security [of] hotel guests and other patrons as well. Our team found multiple devices that control hotel locking mechanisms, electronic in-room safes and other physical security management systems,” vpnMentor wrote. “Especially in the wrong hands, this drives home the very real danger here of when cybersecurity flaws threaten real-world security.”
The company said the leak could have been prevented if the hotel group had used more secure servers, had implemented the proper access parameters and had used a system that required authentication.
The company said it contacted the hotel group about the breach. “After identification, we reach out to the database’s owner to report the leak. Whenever possible, we also alert those directly affected,” vpnMentor said. “This is our version of putting good karma out on the web – to build a safer and more protected internet.”