Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FastBooking Hotel booking software firm suffered a data breach

A security breach suffered by the Hotel booking software provider FastBooking has affected hundreds of hotels worldwide. The Hotel booking software provider FastBooking is the last victim of a data breach, the incident exposed personal details and payment card data of guests from affected hotels. FastBooking offers hotel booking platform to more than 4,000 hotels in 100 […]

FastBooking

A security breach suffered by the Hotel booking software provider FastBooking has affected hundreds of hotels worldwide.

The Hotel booking software provider FastBooking is the last victim of a data breach, the incident exposed personal details and payment card data of guests from affected hotels.

FastBooking offers hotel booking platform to more than 4,000 hotels in 100 countries.

According to the experts, the number of impacted hotels worldwide could be greater than 1000, roughly 380 only in Japan. The company did not provide details about the number of affected users.

The company promptly notified via email the incident to each affected hotel providing details about the number of affected guests.

“Following the discovery of a suspicious application, the server log files were analyzed
(computer activity traces) and we found out that some files containing data had leaked.” reads a notice published by the company.

“Fastbooking immediately eradicated the vulnerability and took steps to prevent this
incident from recurring and to mitigate any negative consequences: implementing higher security standards, changing passwords on our systems, and so on.”

The attackers exploited a vulnerability in the web app to back into the FastBooking system.

The breach was discovered by company staff that noticed the presence of the malware on the server. The malware is a backdoor that allows the attacker to gain control over the server and steal the sensitive data.

FastBooking

The company notified the data breach via emails, hackers compromised the server on June 14 and installed a malware on the company server that was used to exfiltrate the precious data.

The hotel chain Prince Hotels & Resorts in Japan already notified the data breach to its customers. The hotel chain announced that the incident affected 124,963 guests who stayed at 82 of its hotels.

“This notice is to make you aware that Prince Hotels & Resorts reservations system in English, Simplified Chinese, Traditional Chinese, and Korean have been impacted by an unauthorized access to or acquisition of your personal information.” reads the data breach notification.

“We have learned that Fastbooking in France which is a parent company of Fastbooking Japan, our reservations system operator for international guests, had an unauthorized access.”

Below the incident timeline:
June 14, 2018, 8:43 PM UTC – hackers breached FastBooking’s server.
June 19, 2018, 3:40 PM UTC – The company discovers intrusion.
June 19, 2018, 9:02 PM UTC – The company closes breach.

Experts believe this data breach could trigger a series of data breach notifications from all the affected hotels.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – malware, Data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]