TechCrunch reports that at least three U.S.-based Wyndham hotels were discovered by security researcher Eric Daigle to have had their check-in systems compromised with the consumer-grade spyware app pcTattletale, which is impacted by a vulnerability that exposed the screenshots it captured from the devices where it was installed.
Screenshots obtained from a pair of Wyndham hotels revealed the names, reservation details, and partial payment card numbers of individuals who booked via Sabre's web portal, while the connection of the third hotel's check-in system with Booking.com's admin portal was shown in a separate screenshot.
Wyndham has not confirmed its awareness or approval of pcTattletale use on its front-desk computers but Booking.com emphasized that no spyware has impacted its systems. Such an incident may have been a case of a sophisticated phishing attack that lured accommodation partners' employees to download malware that facilitated unauthorized Booking.com account access, according to Booking.com spokesperson Angela Cavis.
