Massive Data Breach Exposes 5M Hotel Guests' Information via Compromised Platforms

Severity: High (Score: 64.5)

Sources: Cybernews, Scworld

Summary

A significant data breach has compromised the personal information of nearly 5 million hotel guests due to vulnerabilities in the Spanish automated check-in service Chekin and the Austrian hotel management software Gastrodat. The breach was discovered on March 24, 2026, when a leaking server containing 6.5GB of sensitive data was found. This incident affects over 170 hotels worldwide, with data from approximately 400,000 individual bookings exposed. The leaked information includes guest names, stay dates, reservation IDs, and internal safety flags. Attackers exploited more than 500 compromised hotel and host accounts to infiltrate the booking systems. Python scripts found on the server indicate that data was automatically extracted and potentially forwarded in real-time to Telegram channels. Neither Chekin nor Gastrodat has publicly commented on the incident. The scale of the breach raises concerns about the security of hospitality platforms and the potential for further exploitation of the leaked data. Key Points: • Nearly 5 million hotel guests' data exposed due to breaches in Chekin and Gastrodat. • Over 500 hotel accounts were compromised, allowing for extensive data extraction. • Python scripts on the leaking server suggest real-time data exfiltration to Telegram.

Key Entities

• Data Breach (attack_type)
• Chekin (company)
• Gastrodat (company)
• Booking.com (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-798 - Use of Hard-coded Credentials (cwe)
• Hospitality (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1056.001 - Keylogging (mitre_attack)
• T1071 - Application Layer Protocol (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• Telegram (platform)
• Python (tool)
• Telegram API (tool)