Choice Hotels, one of the largest lodging chains in the world, has recently released that they suffered a data breach that occurred from a misconfigured MongoDB database. Cybercriminals were able to exploit this flaw and steal around 700,000 customer records. The breach was discovered on June 30th, 2019 and was reported to Choice Hotels. The company was able to secure the database almost immediately after being alerted. The attackers were able to obtain information such as customer’s names, email addresses, physical addresses, and phone numbers. After the data theft, the hackers left behind a ransom note for 0.4 Bitcoin, approximately $4,000, in return for the records. Choice Hotels has responded by stating that the information stolen was mostly test data and that no financial information or detailed personal data was exposed. Choice Hotels owns and operates Comfort Inn, Comfort Suites, Quality, Sleep Inn, Clarion, Cambria Hotels, MainStay Suites, Suburban, Econo Lodge, and Rodeway Inn.
Analyst Notes
Users who have made a login to any of the Choice Hotel brands are recommended to reset their password as soon as possible to one that is unique to the login and complex through the use of case-specific characters, numbers and special characters. Companies should perform regular security audits on their databases and employ some sort of security monitoring service such as the Binary Defense Security Operations Center that can monitor for threats 24 hours a day.