
Large breach of widely used hotel management software highlights unique issues facing modern companies.
Many modern businesses find themselves relying on POS (point of sale), inventory management, logistics, or scheduling software for their day-to-day operations. Much of this software has transitioned to cloud-based offerings over the past 5 years (think QuickBooks).
While this move (I believe) is primarily motivated by a desire to stay flexible and competitive, and to improve the usability/flexibility of the application for businesses, there are, of course, risks.
"Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing."
"The company is or has been used by many well-known hotel brands, including Marriott, Hilton, and Hyatt, whose data is present in the stolen information."
Modern hotels have to deal with an extraordinary amount of information on a daily basis simply to operate: bookings (with listings now spread across multiple platforms), invoicing, cleaning logistics, restaurant/room service coordination, key card access systems, entertainment/Wi-Fi control systems, and the list goes on and on...
Now imagine a software company comes along and says, "hey, we can help you manage 75% of these things on one seamless platform." The hotel chain says, "great!"
Software is rolled out and the information is pumped in: millions of keystrokes a day by staff at thousands of hotels.
Little does any individual at any point in this process (on the hotel side) understand that the information is being transmitted to a large cloud database that stores and curates this privileged information. That data is what was breached in this incident. The fallout was the exposure of 7.8 TB of data and roughly 400,000 unique guests' personal information.
Now, how did this breach occur? "The threat actors behind the Otelier breach told BleepingComputer that they initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware, which has become the bane of corporate networks over the past few years."
What does credential-stealing software mean? Well, have you ever saved a login in Chrome, Edge, or on your iPhone? You think to yourself, "wow, this is convenient." Yes, it is convenient, but that information is VERY easy to scrape from the device in question if malware has a chance to access it for just a few seconds, which, believe it or not, is very, very common.
Those saved logins get stolen in plain text (meaning you can read them as if they were typed out in Notepad or Word) and are then used to create mayhem and destruction.
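One mitigation for the risk just described, added here as an example and not part of the original post: a PowerShell snippet that applies the documented Chrome and Edge "PasswordManagerEnabled" policies on a Windows machine so the browser stops keeping logins in its local store, then audits the result. It assumes a Windows host and an elevated session; the function names are our own.

```powershell
# Added example (not from the original post). Disables the built-in browser
# password managers via machine policy so credentials are not left in the
# browser's local store for an infostealer to scrape. Run elevated.
# Registry paths and the PasswordManagerEnabled value are Chrome's and
# Edge's documented enterprise policies; the helper functions are ours.

$Policies = @(
    @{ Browser = 'Chrome'; Path = 'HKLM:\SOFTWARE\Policies\Google\Chrome' },
    @{ Browser = 'Edge';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' }
)

function Disable-BrowserPasswordManager {
    foreach ($p in $Policies) {
        if (-not (Test-Path $p.Path)) {
            New-Item -Path $p.Path -Force | Out-Null
        }
        # 0 = users cannot save passwords in the browser's password manager
        New-ItemProperty -Path $p.Path -Name 'PasswordManagerEnabled' `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Get-BrowserPasswordManagerState {
    foreach ($p in $Policies) {
        $value = (Get-ItemProperty -Path $p.Path -Name 'PasswordManagerEnabled' `
                  -ErrorAction SilentlyContinue).PasswordManagerEnabled
        [pscustomobject]@{
            Browser = $p.Browser
            Policy  = if ($null -eq $value) { 'not set (saving allowed)' }
                      elseif ($value -eq 0)  { 'disabled' }
                      else                   { 'enabled' }
        }
    }
}

Disable-BrowserPasswordManager
Get-BrowserPasswordManagerState | Format-Table -AutoSize
```

The policy takes effect on the next browser restart; pair it with a dedicated password manager and MFA on the cloud services themselves, since a stolen password alone was enough in the breach described above.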