Major Hotel Management Company Leaks 85GB Of Security Log Data

Hacks are happening all the time with some giving information on user accounts like the Flipboard hack we talked about recently. Other hacks are much grander in scale, like the attack against the city of Baltimore that resulted in most of the cities systems being locked out. Another significant hack has happened, and this one is a hack of a hotel management company that backs some of the largest hotel chains in the world.

mariott hotel lobby

The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations. The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels. The unprotected database was discovered by VPNMentor researchers that uncovered the exposed security logs while using port scanners to map areas of the internet.

Pyramid manages hotel locations around the world, including locations in the U.S., Hawaii, the Caribbean, Ireland, and the UK. Properties under its management umbrella include 19 Marriott locations, Sheraton hotels, Plaza resorts, and Hilton Hotels along with lots of independent hotels. The researchers say that the unsecured server has an Elastisearch database instance in Port 9200 and allowed unrestricted access to security audit logs generated by Wazuh, an open source intrusion detection system.

Data was found relating to 96 different hotel properties and various array of sensitive data that belongs to the multiple hotel systems. The researchers say that from what they could see, the data would allow a hacker to understand the naming convention used by the organizations and the various domains and domain control. The information that was leaked went back to April 19, 2019.

Data included in the leak also features firewall and open port data, malware alerts, API keys and passwords, device names, IP addresses, and firewall data. Data belonging to hotel employees complete with full names and usernames, local PC names and addresses (among other identifiable information). The irony here is that the data being exposed is meant to help protect the computer systems, yet the unsecured logs are revealing the exact sort of data a nefarious actor might need to gain access.