Millions of hotel users see personal info checked out in huge data leak

(Image credit: Getty Images)

CyberNews researchers have discovered a huge data leak
The dataset contained the information of over 24 million customersIt likely belonged to hotel chain Honotel

A leaked dataset which contained over 24 million hotel records has been discovered by CyberNews researchers, which included names, emails, phone numbers, and detailed stay information like arrival time, number of guests, and price paid.

There are strong indications that the dataset belongs to Honotel Group, a French hospitality investment and management firm.

The data specifically mentions ‘SITE HONOTEL’, researchers confirmed, as well as booking platforms such as Booking.com - suggesting the leaked database might be part of Honotel’s booking management system.

Guests at risk

Researchers discovered the suspected Honotel leak on October 4, 2024, and the leak was closed by October 7 2024, so the organization at least acted quickly once the disclosure notice had been sent.

It’s not clear how long the data was available, or if threat actors discovered or stole anything, but the information was discovered on an unprotected Elasticsearch server and Kibana interface.

This puts both the customer and the company at risk. For the customer, the risk when Personally Identifiable Information (PII) is compromised is the risk of fraud and identity theft, as malicious actors can use the data to take out loans, bank accounts, or even to develop social engineering attacks against the victims.

For the company, much like the FTC fines, European firms face GDPR regulations which could see penalties of up to 4% of a company’s global annual revenue if best security practices are not put in place to protect PII.

This comes not long after major incidents led the FTC to order the Marriott and Starwood hotel chains to implement more robust security measures after 344 million customers were left exposed in a massive data breach. Marriott systems were exposed for up to four years, earning the firm a $52 million penalty from the FTC in 2024.

Check out our list of the best firewall software around today
US state sues T-Mobile over 2021 data breach which leaked data of millions
We've also rounded up the best antivirus on offer right now

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.