back to article Messed Western: Vuln hunters say hotel giant's Autoclerk code exposed US soldiers' info, travel plans, passwords...

A security team for review site vpnMentor, led by Israeli researchers Noam Rotem and Ran Locar, recently found a publicly accessible AWS-hosted database owned by Autoclerk, a reservation system recently acquired by Best Western Hotels and Resorts Group. The exposed database contained sensitive personal data for thousands of …

  1. Blockchain commentard

    You can just read Twitter to find US military travel plans - they're leaving Syria, going to Israel, Saudi Arabia and Jordan. You can thank Trump for releasing their travel plans.

    1. GnuTzu

      Military personnel have long been trained--even before social media--that a thing does not have to be classified in order to considered sensitive (though the terminology has changed). If there are service members that are doing this, somebody's going to start making policies on this a little more explicit, along with training and well-defined consequences for foolish tweeting.

      1. Claptrap314 Silver badge

        "Loose lips sink ships" from WWII (in the US, at least). We didn't permanently get the message, however, until Viet Nam. When I was in (1987-91), the term was Essential Elements of Friendly Communications (EEFS). We had quarterly briefings. I expect those have been updated to include the internet...

    2. katrinab Silver badge

      But Trump doesn't reveal the name of the specific hotel they are checking in to.

  2. Doctor Syntax Silver badge

    You'd think by now that hotel chains would have learned that (a) they really need to do a thorough annual audit of their own security and (b) do the same in spades for any business they're thinking of buying.

    Obviously they haven't. It's going to take a few more big fines and lawsuits, big enough for the board and investors to notice. Even then it seems doubtful that they'll manage to learn from the misfortunes of others.

    1. Korev Silver badge
      Paris Hilton

      I'm awaiting the first big GDPR hit...

      Ms Hilton seems like an appropriate icon for a hotel discussion

    2. GnuTzu

      So many little motels in out-of-the-way places, some with out-dated equipment, and POS equipment that doesn't yet encrypt at the swipe. Some are realizing that this is a challenge and are in the process of stepping things up. But, how caught up are they? Given the loyalty programs these businesses want to have, I say they need a kick in the pants to lock things down. In the mean time, keep these things in mind when you read a lodges reviews, to maintain safe Internet hygiene.

  3. Claverhouse Silver badge
    Black Helicopters

    They can tent outside if they don't trust hotels.

    I don't really see why it is the business of a hotel to protect soldiers.


    And apart from the fact their dates of birth are probably already accessible to wicked terrorists, the latter probably know what soldiers are where anyway.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021