Hackers Stole 700K Records of ‘Choice Hotels’ Customers & Demanded Ransom

• Choice Hotels compromised 700,000 of its customers who have had their personal information leaked on the Web.
• The hotel industry giant had ordered the development of a new tool, but their contractors failed to manage the data responsibly.
• The hackers found the unprotected database and threatened to wipe it, but their script failed to deliver.

Hackers managed to steal the records of 700,000 Choice Hotels customers from an unprotected MongoDB instance. The discovery came from Bob Diachenko, a researcher who spends much of his time looking around for unprotected databases, but along with the particular set of data, he also found a ransom note indicating that someone had found the unprotected database first. The note demanded 0.4 Bitcoin (around $4,000) from the owner of the database, who didn’t realize what had happened until Diachenko sent a message to notify them on July 2. Normally, the malicious actors should have already wiped the database as the ransom was never paid, but the researcher supposes that something went wrong with the automated script.

The database was handled by a collaborator of Choice Hotels, who was provided with the data in order to develop a tool that was needed by the US-based hospitality franchisor. The database actually contained more than 5.6 million records and approximately 3.8GB of data, but Choice Hotels told the press that most of the records were “test data”, and that 700,000 individuals were exposed by this incident. The data that was compromised includes full names of customers, their addresses, phone numbers, emails, and consent statuses.

Choice Hotels claims that any records containing passwords, reservation details, and payment information are fake and only used for the purposes of developing the aforementioned tool. While this is reassuring, it cannot be confirmed at this point. Based on what has been made known so far, the data that was stolen would be more than enough to allow phishing actors and scammers to trick people and deliver successful impersonation attacks via SMS or email. Diachenko believes that the hackers left the ransom note via an automated system, as they could have otherwise very easily taken over the whole system, infect it with malware, access the server resources, and generally do a lot more than what they did.

Choice Hotels operates 6,627 properties around the globe, with the brands belonging to them including Ascend Hotel Collection, Cambria Hotels, Comfort, Sleep Inn, Clarion Hotels, MainStay Suites, Suburban Extended Stay Hotel, WoodSpring Suites, Econo Lodge, Rodeway Inn, Quality Inn, and Vacation Rentals by Choice Hotels. If you have stayed in one of their 525,500 rooms, contact Choice Hotels and ask about the safety of your data.

Are you concerned about this latest breach? Share your thoughts in the comments section down below, or on our socials, on Facebook and Twitter.