An unprotected database has resulted in the exposure of a customer booking platform.
Discovered by security researcher Jeremiah Fowler on December 11, 2019, the database belonging to FairBridge Inn & Suites was not password protected and was therefore publicly accessible for anyone to view.
The vast majority of the 8.1 million records were Nginx logs and hotel guest data, including customer emails, reservation numbers, customer IP and location data, employee IDs and more.
“Nginx writes records of its events in two types of logs: access logs and error logs. Access logs write information about client requests, and error logs write information about the server and application issues,” explained Fowler.
A representative from FairBridge Inn & Suites confirmed to Fowler that the company owned the database, and that it contained data on an estimated 150,000 individuals.
In addition to the logs and customer data, Fowler also discovered IP addresses, ports, pathways and storage information that threat actors could exploit to gain deeper access into the network.
It remains unclear how long the data was exposed or who may have accessed the open database. It is also not clear whether customers or partners have been notified about the exposure.
The post #Privacy: FairBridge Inn & Suites exposes nearly 8.1 million records appeared first on PrivSec Report.