Hotel chain Wyndham again in the center of a scandal: spyware stole everything

Tomcat

Guests' names, booking details and payment details are available on the Internet to literally everyone.

Spyware that collects and publishes screenshots of customers' personal information has been found on guest registration computers at several Wyndham hotels in the United States.

The program, called "pcTattletale", continuously took screenshots of the hotels' internal management software, which show all the details of reservations and customer data. Moreover, due to a vulnerability identified in this spyware, all these screenshots are publicly available from the Internet.

The vulnerability in pcTattletale was discovered by security researcher Eric Daigle during his investigation of consumer spyware. This program allows you to remotely view devices running Android or Windows and works covertly, without notifying the device owner. However, due to the vulnerability, screenshots can be downloaded directly from pcTattletale servers.

Screenshots from two Wyndham hotels shared with TechCrunch show guest names, booking details, and partial payment card numbers. Another screenshot shows access to the booking management system of the Booking.com service.

At the moment, it is not known who installed the app in the networks of the above-mentioned companies: it could be remote intruders, current employees, or even the hotel owners themselves.

Rob Myers, a representative of Wyndham, confirmed that all hotels of this chain in the United States are independent and managed by local owners. Managers of one of the affected hotels said they were not aware of the existence of spyware on their computers, and representatives of two other hotels have not yet responded to inquiries.

Booking.com said its own systems were not compromised, but the Wyndham case demonstrates how hotel systems are being targeted by cybercriminals.

Such apps are often referred to as "Stalkerware" because of their ability to follow people without their knowledge or consent. And although this is not the first time that such software has been detected in the networks of large companies, its leak into the public domain along with all the collected data is a case of unprecedented importance.

The security of hotel guests' personal data has been compromised, which requires increased control and security measures both on the part of hotel chains and on the part of companies that provide them with computer systems and other technologies for the correct operation of networks.

It is worth noting that for the Wyndham chain, this is not the first case of a customer data leak. In the period from 2008 to 2010, the hotel chain was the victim of three cyber attacks, as a result of which attackers stole personal data of customers and their payment information. Subsequently, the US Federal Trade Commission even filed charges against the chain, accusing Wyndham of negligence in providing customer protection.
 