While the global tourism and travel industry has suffered greatly during the COVID-19 pandemic, there could another incident for it to worry about as three of the biggest online accommodation sites have had the data of more than 10 million users compromised – Booking.com, Hotels.com and Expedia.

According to Website Planet, Prestige Software, which handles the technology for all three of those platforms, reportedly left user data exposed in an Amazon Web Services (AWS) S3 bucket.

This repository had an estimated 10 million-plus records within it, which included user information such as their names, ID numbers, credit card details and of course their reservations.

At this stage it remains to be seen how long the aforementioned S3 bucket was left exposed, or indeed who has access it or tried to pull information from it, but Website Planet did note that it took AWS a day to secure the bucket once it information the cloud specialist about it.

In the worst case scenario that Website Planet paints, the exposure of this data, which dates back as far as 2013 in some cases, could see credit card details be used for unauthorised transacting online, as well as hackers potentially stealing a person’s holiday by posing as them with the exposed information.

At the time of writing neither Booking.com, Hotels.com or Expedia have provided official comment on the matter, nor indicated to what extent the data of its users has been compromised.

Either way if you use any of the above platforms, it may be best to check your profile and take necessary steps to safeguard it.

[Image – Photo by Kevin Angelsø on Unsplash]