Researchers have uncovered an unsecured database that exposed security logs and cybersecurity weaknesses of major hotels, including Marriott locations.
Security researchers Noam Rotem and Ran Locar of VPNMentor published their findings on the vulnerability on Thursday, noting that multiple hotels have suffered a security incident. The VPNMentor team, including CEO Ariel Hochstadt, disclosed the vulnerable servers on 27 May 2019. The server has been connected to Pyramid Hotel Group, a hotel and resort management company.
Pyramid says it "provides superior operations, owner relations, and support services to its assets and investors."
The firm manages hospitality and resort properties in the US, Hawaii, the Caribbean, Ireland, and the UK. These properties include 19 Marriott locations, Sheraton hotels, Plaza resorts, and Hilton Hotel properties, alongside a number of independent hotels.
The vulnerable servers used an Elasticsearch database instance on port 9200. The security audit logs were generated by Wazuh, an open-source intrusion detection system. The unsecured database exposes a vast array of sensitive data belonging to the security systems of these properties. In total, 85.4GB of security audit logs were exposed.
"From what we can see, it's possible to understand the naming convention used by the organization, their various domains and domain control, the database(s) used, and other important information leading to potential penetration,"
The exposed information includes server API keys and passwords, device names, IP addresses of incoming connections, firewall and open port data, malware alerts, restricted applications, login attempt records, application errors, and both brute-force attack detection and malware infection logs.