Accor Hotels Subsidiary Leaks a Terabyte of Data

According to vpnMentor’s research team, a data breach that belongs to Gekko Group (a subsidiary of Accor Hotels), has compromised the privacy of its customers, clients, Accor Hotels and its businesses.

Gekko Group is a European B2B hotel booking platform that also owns several smaller hospitality brands including Teldar Travel & Infinite Hotel – which were most exposed in the leaked database.  

The compromised database contains over 1 terabyte of data included from Gekko Group brands and its clients, as well as external websites and platforms that their systems communicate with, such as Booking.com.

According to the research team, “As Gekko Group’s brands serve very different functions, there was a huge variety in types of data our team accessed, including: hotel and transport reservations, credit card details, personally Identifiable Information (PII) of various parties, login credentials for client accounts on Gekko Group-owned platforms, etc.”

The article continues, “Our team was able to access this server because it was completely unsecured and unencrypted. The company uses an Elasticsearch database, which is ordinarily not designed for URL use. However, we were able to access it via browser and manipulate the URL search criteria into exposing schemata.”