Autoclerk Leaks U.S. Government And Military Personnel Data

A vpnMentor’s research team revealed a failure in a database belonging to Autoclerk, a reservations management system held by best Western Hotels and Resorts Group. The secretary included subject matter about a number of hotel consumers who made reservations around the world using various services. Autoclerk is a reservations management system utilized by resorts to manage web bookings, profits, loyalty programs, guest profiles and payment activity. Victim of this leak was the U.S. government, military and Department of Homeland Security, says the research.

On September 13 this year, according to information of security experts, they disclosed a defenseless Elasticsearch database during a large-scale scan of open ports in a certain range of IP addresses. “Open Elasticsearch database was discovered through vpnMentor’s web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within”, — notes Noam Rotem, head of the vpnMentor.

According to vpnMentor experts, the storage hosted on Amazon Web Service (AWS), belonged to AutoClerk. The database contained data from hotel management services, in specific myHMS, CleanMeNext and SynXis, to which many travel agencies and hotels were affiliated. Experts found that attackers could use this information for cyberattacks and genuine threat against hotel customers.It seems like one of the platforms affiliated to Autoclerk disclosed in the failure is a contractor of the US government that deals with travel arrangements.

Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.“The greatest risk posed by this leak is to the US government and military. Significant amounts of sensitive employee and military personnel data could now be in the public domain. This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”