In a recent discovery made by TechCrunch, it has come to light that a consumer-grade spyware app called pcTattletale was found installed on the check-in systems of three Wyndham hotels in the United States. This unsettling revelation has raised serious concerns about the security of guest information and customer data at these hotels.

The spyware app, pcTattletale, operates by stealthily capturing screenshots of the hotel booking systems, thereby exposing sensitive guest details and customer information. These screenshots were found to be accessible to anyone on the internet due to a security flaw in the spyware, rather than just the intended users of the app. This flaw poses a significant risk as it compromises the confidentiality and privacy of the guests staying at these hotels.

It was security researcher Eric Daigle who stumbled upon the compromised hotel check-in systems and tried to alert pcTattletale about the issue. However, despite his efforts, the company has not responded, leaving the flaw unresolved. As a result, the screenshots containing names, reservation details, and even partial payment card numbers of guests were left vulnerable to potential exploitation.

The screenshots from two Wyndham hotels showed guest information on a web portal provided by travel tech giant Sabre, as well as access to a third hotel’s check-in system linked to Booking.com’s administration portal. This breach highlights the urgent need for stronger cybersecurity measures in the hospitality industry to safeguard personal data from unauthorized access and misuse.

The implications of this security breach are grave, especially considering that pcTattletale is marketed for child and employee monitoring and has even been suggested for use against spouses suspected of infidelity. Despite the severe nature of this incident, the founder of pcTattletale, Bryan Fleming, has chosen not to respond to requests for comment, leaving many questions unanswered.

The response from Wyndham and Booking.com, the two major players involved in this incident, has been mixed. While Wyndham clarified that its U.S. hotels are independently owned and operated, it did not confirm whether pcTattletale’s presence on the check-in computers was approved. Booking.com, on the other hand, reassured that its systems were not compromised and highlighted the sophisticated phishing tactics employed by cybercriminals to target hotel systems.

As investigations into this security breach continue, the hospitality industry must prioritize strengthening its security protocols to prevent similar breaches in the future. This incident serves as a wakeup call for the industry to reevaluate its cybersecurity measures and regulatory oversight to ensure the protection of personal data and customer privacy.

In conclusion, the exposure of sensitive guest information at these Wyndham hotels underscores the critical need for improved cybersecurity practices within the hospitality sector. As technology advances, it is imperative that hotels and other businesses handling customer data remain vigilant in protecting this information from unauthorized access and exploitation.

Source link