Actu
European hotel chain exposes millions of guests’ data
January 2025 by CyberNews
The Cybernews research team has uncovered a massive data leak potentially caused by a hospitality investment and management firm. The leak exposed detailed customer records, including arrival times, price paid, and contact details. Nearly 25 million records with sensitive data were left passwordless online, putting hotel customers at risk.
The database initially contained over 38.8 million records, but after filtering out entries labeled as "dummy," the total count of exposed real customer records stood at approximately 24,777,984.
Although the exact origin of the data remains uncertain, indicators suggest that the instance may have been part of Honotel or Kardex infrastructure, a French hospitality investment and management firm.
"The exposure poses significant risks to customer privacy and security, especially given that detailed personal information and specifics of hotel stays were accessible." the Cybernews research team said.
What kind of data was leaked?
• Names
• Emails
• Phone numbers
• Date of birth
• Country code
• Language code
• Information about hotel visits
• Detailed stay information, including arrival time, nights booked, price paid, and number of guests
• Loyalty points
• Property IDs
Potential risks
• The exposure poses significant risks to customer privacy and security, especially given that detailed personal information and hotel stay specifics were accessible.
• The rich dataset — encompassing personal identifiers, booking data, and travel patterns — could be exploited by malicious actors for identity theft, targeted phishing, and fraud.
• The leak may violate data protection and privacy regulations, leading to potential legal and reputational consequences for the responsible parties.
