Home > News > Security > Hackers breach Best Western in data heist

Hackers breach Best Western in data heist

By Iain Thomson
25 August 2008 03:55PM
Tags: hackers | breach | western | data | heist

Hackers have broken into the corporate databases for Best Western Hotels and may have stolen the names, addresses and credit card information of every customer who stayed with the international group since 2007.

An investigation by the Sunday Herald found that an unknown Indian hacker got into Best Western’s databases on Thursday and accessed its databases, which contain the names, addresses, credit card numbers and additional customer’s information of people who have used the chain internationally.

"Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected," said a spokesman.

"We continue to investigate the root cause of the issue, including, but not limited to, the third-party website that has allegedly facilitated this illegal exchange of information."

The data on how to get into the database was apparently provided by an Eastern European hacking group and although the security hole the hacker used has now been closed the potential losses to customers could be huge.

It seems the hacker managed to insert a Trojan into the computers of a hotel and logged the user name and password of someone with sufficient security clearance to gain access to corporate servers.

The attack came to light after the company’s database was put up for sale on a sales board for such data.

"They've pulled off a masterstroke here," said security expert Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx.

"There are plenty of hacked company databases for sale online but the sheer volume and quality of the information that's been stolen in the Best Western raid makes this particularly rare."

"The Russian gangs who specialise in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there's enough data there to spark a major European crime wave."

Ads by Google

Thoughts on this article? Add a comment below.

Comments: 1

There seems to be a mismatch between Best Westerns online data policy and the description of this hack.

I am a information security professional not associated with Best Western. What evidence cna I get to show that this hack description is more than just a trumped up splash?

Regards,

Don Turnblade, CISSP

Posted by Don Turnblade, Aug 26, 2008 2:06 AM

Report

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Product Reviews

	AdventNet ManageEngine The AdventNet Manage-Engine Password Manager Pro provides a complete system for password management in one...

	Cyber-Ark Software Enterprise Password Vault The Cyber-Ark Enterprise Password Vault, or EPV, is a high-end password management powerhouse.

	Hitachi ID Systems ID-Archive The Hitachi ID-Archive sets its focus on password randomisation.

	Lieberman Software Enterprise Random PM The Lieberman Software Enterprise Random Password Manager is a full-on password manager and randomiser for...

	Proginet Corporation SecurForce Proginet SecurForce is a little bit of a horse of a different color for this month's Group Test.