HomeCyber BalkansSpyware Application Discovered Operating on Numerous US Hotel Computers

Spyware Application Discovered Operating on Numerous US Hotel Computers

Published on

spot_img

In a recent discovery made by TechCrunch, it has come to light that a consumer-grade spyware app called pcTattletale was found installed on the check-in systems of three Wyndham hotels in the United States. This unsettling revelation has raised serious concerns about the security of guest information and customer data at these hotels.

The spyware app, pcTattletale, operates by stealthily capturing screenshots of the hotel booking systems, thereby exposing sensitive guest details and customer information. These screenshots were found to be accessible to anyone on the internet due to a security flaw in the spyware, rather than just the intended users of the app. This flaw poses a significant risk as it compromises the confidentiality and privacy of the guests staying at these hotels.

It was security researcher Eric Daigle who stumbled upon the compromised hotel check-in systems and tried to alert pcTattletale about the issue. However, despite his efforts, the company has not responded, leaving the flaw unresolved. As a result, the screenshots containing names, reservation details, and even partial payment card numbers of guests were left vulnerable to potential exploitation.

The screenshots from two Wyndham hotels showed guest information on a web portal provided by travel tech giant Sabre, as well as access to a third hotel’s check-in system linked to Booking.com’s administration portal. This breach highlights the urgent need for stronger cybersecurity measures in the hospitality industry to safeguard personal data from unauthorized access and misuse.

The implications of this security breach are grave, especially considering that pcTattletale is marketed for child and employee monitoring and has even been suggested for use against spouses suspected of infidelity. Despite the severe nature of this incident, the founder of pcTattletale, Bryan Fleming, has chosen not to respond to requests for comment, leaving many questions unanswered.

The response from Wyndham and Booking.com, the two major players involved in this incident, has been mixed. While Wyndham clarified that its U.S. hotels are independently owned and operated, it did not confirm whether pcTattletale’s presence on the check-in computers was approved. Booking.com, on the other hand, reassured that its systems were not compromised and highlighted the sophisticated phishing tactics employed by cybercriminals to target hotel systems.

As investigations into this security breach continue, the hospitality industry must prioritize strengthening its security protocols to prevent similar breaches in the future. This incident serves as a wakeup call for the industry to reevaluate its cybersecurity measures and regulatory oversight to ensure the protection of personal data and customer privacy.

In conclusion, the exposure of sensitive guest information at these Wyndham hotels underscores the critical need for improved cybersecurity practices within the hospitality sector. As technology advances, it is imperative that hotels and other businesses handling customer data remain vigilant in protecting this information from unauthorized access and exploitation.

Source link

Latest articles

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...

Proton Introduces Business Continuity Service to Ensure Communication During Outages

Swiss encrypted communications provider Proton has recently introduced a dedicated business continuity service aimed...

More like this

Why CISOs Should Implement Zero-Trust Security for IoT

Understanding IoT Security: The Role of Zero Trust in Safeguarding Connected Devices The Internet of...

Cybersecurity Requires Increased Prevention and Reduced Reliance on Cure

The Limits of a Detection-First Model As the cybersecurity landscape evolves, industry forums like the...

Researcher Discovers Ninth Windows Zero-Day Vulnerability

LegacyHive: An Emerging Local Privilege Escalation Vulnerability In a recent turn of events in the...