Aavgo security lapse exposed hotel bookings

Zack Whittaker reports:

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information.

The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password.

The server was open for three weeks — long enough for security researcher Daniel Brown to find the database.

He shared his findings exclusively with TechCrunch, then published them.

Indeed he did — in extensive detail. Do read their report.

And continue reading Zack’s report that includes how TechCrunch was threatened with “immediate legal action” ahead of publication. I wish TechCrunch had named the threatening law firm so we could all respond to them appropriately with a Get Well card and a copy of the First Amendment….

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Hotel and Casino near Las Vegas Strip suffers data breach, documents say

Related: