
Otelier, a cloud-based hotel management platform serving over 10,000 hotels worldwide, has confirmed a significant data breach affecting major hotel chains including Marriott, Hilton, and Hyatt. The breach, which occurred between July and October 2024, resulted in the theft of approximately 8 terabytes of data from Amazon S3 storage buckets.
The Attack Timeline and Method
Threat actors initially gained access through an employee’s stolen Atlassian credentials, obtained via information-stealing malware. These credentials were then used to access additional data, including S3 bucket credentials, enabling the massive data extraction.
Scope of the Breach
– 39 million reservation records
– 212 million user records
– 437,000 unique email addresses affected
– Compromised data includes guest names, addresses, phone numbers, and email addresses
– No passwords or billing information were exposed
Corporate Response
Otelier has:
– Confirmed the breach and contacted affected customers
– Hired cybersecurity experts for forensic analysis
– Terminated unauthorized access
– Disabled compromised accounts
– Enhanced security protocols
Marriott’s Response
Marriott has suspended automated services provided by Otelier pending investigation completion. The company confirmed that while its data was affected through Otelier, its own systems remained secure.
Impact Assessment
The stolen data has been added to Have I Been Pwned, allowing individuals to check if their information was compromised. While financial data appears secure, the exposed personal information could be used in targeted phishing attempts against affected hotel guests.