Cybercriminals took advantage of an open MongoDB database containing data from Choice Hotels, stole 700,000 customer records, and then demanded a $3,800 ransom payment for their return.
The unsecured third-party database was first uncovered by Comparitech and security researcher Bob Diachenko. Despite their quick action in informing Choice of the problem, malicious actors also found the database, removed the data, and left a ransom note demanding 0.4 Bitcoin, or about $3,856. The database actually contained 5.6 million records, but Comparitech reported that Choice said the vast majority were test data.
However, 700,000 were true records containing customer names, email addresses, and phone numbers.
Choice told Comparitech it will no longer work with the third-party vendor, which left the database fully open, requiring neither a password nor any other authentication method to view the contents.
The database was first indexed on June 30 by the BinaryEdge search engine. Diachenko discovered it on July 2 and emailed Choice Hotels about the issue. The server was secured on July 2, although not because of Diachenko’s action: the hotel said his email was filtered out and not read. By that point the ransom note was already in place on the server.
Diachenko sent a second notification to Choice on July 28 and only then did the hotel chain launch an investigation into the incident.
Even though financial and detailed personal information was not exposed, Comparitech noted the information that was compromised poses a threat.
“Scammers can address users by name and include detailed personal information to make the message more convincing. Aside from emails, scammers might also send phishing messages to users’ phones through SMS texts. Choice Hotels customers should also be ready for an increase in targeted spam to their phones and email accounts,” the company wrote.