Aavgo security lapse exposed hotel bookings

TechCrunch | 7/16/2019 | Staff
ArceusArceus (Posted by) Level 3
Click For Photo: https://techcrunch.com/wp-content/uploads/2019/07/gettyimages-489733108.jpg?w=602

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information.

The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password.

Server - Weeks - Security - Researcher - Daniel

The server was open for three weeks — long enough for security researcher Daniel Brown to find the database.

He shared his findings exclusively with TechCrunch, then published them.

Aavgo - Bills - Way - Hotels - Operations

Aavgo bills itself as a way for hotels to organize their operations by using several connected apps — one for use by guests using tablets installed in their hotel rooms for entertainment, ordering room service and checking out, and another for staff to communicate with each other, file maintenance tickets and manage housekeeping.

Several large hotel chains, including Holiday Inn Express and Zenique Hotels, use Aavgo’s technology in their properties.

Database - Logs - Computer - System - Records

The database contained daily updating logs of the back-end computer system. Although most of the records were logs of computer commands critical to the running of the system, we found within personal booking data — including names, email addresses, phone numbers, room types, prices, the location of the hotel and the room and the dates and times of check-in and check-out.

There was no financial information in the database beyond the credit card issuer.

Database - Room - Service - Orders - Complaints

The database also contained room service orders, guest complaints, invoices and other sensitive information used for accessing the Aavgo system, the researcher said.

Many of the records were related to its corporate hotelier customers.


One of those customers included...
(Excerpt) Read more at: TechCrunch
Wake Up To Breaking News!
A pox on both their houses!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!