In a significant cybersecurity incident, Otelier, a leading cloud-based hotel management platform, experienced a massive data breach after hackers infiltrated its Amazon S3 cloud storage. The breach, which reportedly began in July 2024 and continued through October, exposed millions of guests’ personal information and reservation details from prominent hotel chains such as Marriott, Hilton, and Hyatt.
According to reports, the attackers claimed to have exfiltrated nearly eight terabytes of data from Otelier’s Amazon AWS S3 buckets. The stolen data reportedly includes sensitive guest information, nightly hotel reports, shift audits, and accounting records. Otelier, formerly known as MyDigitalOffice, is a widely used platform serving over 10,000 hotels globally, making this breach particularly concerning for the hospitality industry.
In a statement to BleepingComputer, Otelier confirmed the breach and emphasized its commitment to customer safety. “Our top priority is to safeguard our customers while enhancing the security of our systems to prevent future issues,” the company said. “Otelier has been in communications with its customers whose information was perhaps involved. In response to this incident, we hired a team of leading cybersecurity experts to perform a thorough forensic analysis and validate our systems.”
The inquiry revealed that unauthorized access had been terminated, and Otelier has disabled the compromised accounts. The company is also working to strengthen its cybersecurity protocols to prevent similar incidents in the future.
How the Breach Occurred
The attackers reportedly gained access to Otelier’s systems by exploiting stolen employee credentials obtained through information-stealing malware. These credentials were used to infiltrate the company’s Atlassian server, which then provided access to the Amazon S3 buckets. The hackers claimed to have downloaded 7.8 terabytes of data, including millions of documents belonging to Marriott.
Marriott confirmed the impact of the breach, stating that it had suspended automated services provided by Otelier while the investigation is ongoing. “Once we were made aware of this incident involving Otelier, we immediately contacted the vendor, which works with numerous hotel companies, and confirmed that they were working with cybersecurity experts to investigate a security incident that impacted their systems,” a Marriott spokesperson told BleepingComputer. “Marriott has also taken appropriate precautions, including suspending the automated services provided by Otelier until the completion of their investigation, and those services remain suspended.”
The threat actors allegedly attempted to extort Marriott, mistakenly believing the S3 buckets belonged to the hotel chain. They left ransom notes demanding cryptocurrency payments to prevent the data from being leaked. However, no communication was established, and the attackers lost access in September after Otelier rotated the compromised credentials.
What Data Was Exposed?
While Marriott stated that there is no evidence of sensitive information being stolen, samples of the stolen data shared with BleepingComputer and cybersecurity expert Troy Hunt revealed a wide range of personal information. This includes hotel guest reservations, transactions, employee emails, and internal data. Specific details such as names, addresses, phone numbers, and email addresses were also exposed.
Troy Hunt, founder of Have I Been Pwned, confirmed receiving an extensive dataset from the breach. “The reservations table contains 39 million rows, and the users table has 212 million,” Hunt told BleepingComputer. Despite the large volume, Hunt identified 1.3 million unique email addresses, as many entries were duplicates.
The exposed data is being added to Have I Been Pwned, allowing individuals to check if their information was compromised. Fortunately, passwords and billing details do not appear to have been stolen. However, the exposed personal information could still be used in targeted phishing campaigns, making it crucial for affected individuals to remain vigilant.
What Should You Do?
If you have stayed at a hotel managed by Otelier or its affiliated brands, it is essential to monitor your email for suspicious activity. Be cautious of phishing attempts that may impersonate hotel brands impacted by this breach. While no financial data was exposed, the stolen information could still be exploited for identity theft or other malicious purposes.
This incident underscores the importance of robust cybersecurity measures for businesses handling sensitive customer data. As Otelier works to enhance its security protocols, the breach serves as a stark reminder of the ever-present threat posed by cybercriminals.
What are the key cybersecurity lessons organizations can learn from the Otelier breach?
Interview with Cybersecurity Expert Dr. Emily Carter on the Otelier Data Breach
Archyde News Editor: Sarah Thompson
Sarah Thompson (ST): Thank you for joining us today, Dr. Carter. As a leading cybersecurity expert, you’ve been closely following the recent Otelier data breach. Can you provide an overview of what happened and why this incident is so significant?
Dr. Emily Carter (EC): Thank you for having me, Sarah. The Otelier breach is indeed a significant event in the cybersecurity landscape. Otelier, a major cloud-based hotel management platform, suffered a massive data breach after hackers infiltrated its Amazon S3 cloud storage. The breach reportedly began in July 2024 and continued through October, exposing millions of guests’ personal details and reservation details from prominent hotel chains like Marriott, Hilton, and Hyatt.
What makes this breach particularly alarming is the scale and sensitivity of the data involved. The attackers claimed to have exfiltrated nearly eight terabytes of data, including sensitive guest information, nightly hotel reports, shift audits, and accounting records. Given that Otelier serves over 10,000 hotels globally, the implications for the hospitality industry are profound.
ST: How did the attackers manage to gain access to Otelier’s systems?
EC: The breach occurred due to a combination of stolen employee credentials and information-stealing malware. The attackers exploited these credentials to infiltrate Otelier’s Atlassian server, which then provided access to the Amazon S3 buckets. Once inside, they reportedly downloaded 7.8 terabytes of data, including millions of documents belonging to Marriott.
This highlights a critical vulnerability in many organizations: the reliance on employee credentials as a single point of failure. When these credentials are compromised, attackers can gain deep access to sensitive systems.
ST: Otelier has stated that they’ve taken steps to address the breach, including hiring cybersecurity experts and disabling compromised accounts. Do you think these measures are sufficient to prevent future incidents?
EC: While Otelier’s response is a step in the right direction, it’s important to recognize that cybersecurity is an ongoing process, not a one-time fix. Disabling compromised accounts and conducting forensic analyses are essential immediate actions, but long-term prevention requires a more complete approach.
For example, organizations must implement multi-factor authentication (MFA) to reduce the risk of credential theft. They should also regularly audit their cloud storage configurations to ensure that sensitive data is not inadvertently exposed. Additionally, employee training on recognizing phishing attempts and malware is crucial to prevent credential theft in the first place.
ST: Marriott has confirmed the impact of the breach and suspended automated systems. What does this mean for the affected hotels and their guests?
EC: For the affected hotels, this breach represents a significant operational and reputational challenge. Suspending automated systems can disrupt day-to-day operations, leading to delays and inefficiencies. For guests, the exposure of personal information raises serious privacy concerns. This includes the risk of identity theft, phishing attacks, and other forms of cybercrime.
Hotels must now work closely with Otelier to mitigate these risks, including notifying affected guests and providing resources to help them protect their information. Transparency and timely interaction are key to rebuilding trust.
ST: What lessons can other organizations learn from this incident?
EC: The Otelier breach serves as a stark reminder of the importance of robust cybersecurity practices, particularly when handling sensitive customer data. Organizations must prioritize the security of their cloud storage systems, regularly update their security protocols, and invest in employee training.
Additionally, this incident underscores the need for proactive threat detection and response. By identifying and addressing vulnerabilities before they can be exploited, organizations can substantially reduce the risk of a breach.
ST: Thank you, Dr. Carter, for your insights. It’s clear that the Otelier breach has far-reaching implications, and your expertise has shed light on the steps needed to prevent similar incidents in the future.
EC: Thank you, Sarah. It’s been a pleasure discussing this critical issue. Cybersecurity is a shared responsibility, and I hope this incident serves as a wake-up call for organizations across industries to prioritize the protection of their data and their customers.
End of Interview