Zack Whittaker reports:
A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information.
The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password.
The server was open for three weeks — long enough for security researcher Daniel Brown to find the database.
He shared his findings exclusively with TechCrunch, then published them.
Indeed he did — in extensive detail. Do read their report.
And continue reading Zack’s report that includes how TechCrunch was threatened with “immediate legal action” ahead of publication. I wish TechCrunch had named the threatening law firm so we could all respond to them appropriately with a Get Well card and a copy of the First Amendment….