Researchers find exposed Elastic server of a hospitality sector leaking 25M records
Learn More
An exposed Elasticsearch server and Kibana interface containing sensitive customer data from the hospitality sector was uncovered by the Cybernews research team. While the ownership of the database wasn't definitively confirmed, strong indicators suggest it belongs to Honotel Group, a French hospitality investment and management firm that operates 135 hotels across eight European countries with an asset valuation of €1.2 billion.
The exposed infrastructure contained nearly 25 million records of hotel customer data. The exposure was identified through references to "SITE HONOTEL" in the database and the integration with booking platforms like Booking.com, suggesting it was part of Honotel's guest and booking management system.
The exposed data includes:
- Names
- Email addresses
- Phone numbers
- Dates of birth
- Country codes
- Language preferences
- Hotel visit information including:
- Arrival times
- Number of nights booked
- Prices paid
- Number of guests
- Loyalty points information
- Property IDs
The total number of affected individuals is not disclosed, but it's estimated to be over 100,000.
Cybernews attempted to contact Honotel Group for clarification about the incident but received no response. Since the disclosure was sent, access to the database has been secured. The exposure duration and whether any unauthorized parties accessed the data during this period remain unknown.
The company has not publicly confirmed or denied the incident, and no official breach notification has been published.
