FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries, had all its data stolen this month by an unknown attacker.  Hotel guest personal identifying information (pii), travel dates and credit card information was taken.  The breach took place on 14 June 2018 and took personal data in 58,003 leaks while credit card information was stolen in the remaining 66,960 cases.  It took 5 days to rectify the intrusion. In an attempt to mask the attack, hackers took only guest details from some hotels, credit card payment information from others, or both in some cases.  Japan seemed to be the hardest hit country, which affected 380 hotels.  Investigators theorize the number of targeted international hotels could be over 1000.   

Wapack Labs cautions that the underground will be filled with this FastBooking pii and credit card information in short order.  We have reported on many underground “Carder Shops” in the past; such as current and defunct: JokerStash, Scouse the Carder, Too_Rich_Carding_Forum, and the L33tsu Forum.

Mitigations

Be cautious when using credit cards in any sales transaction.  If you have used FastBooking services, immediately replace the credit card used.  Tips on credit card usage: Never leave your cards unattended at work.  There are more credit card thefts in the workplace than in any other single location.  If your credit card is programmed to access an Automated Banking Machine (ABM), protect your Personal Identification Number (PIN) or security code. Don't write it down, memorize it.  Don't leave your credit cards in your vehicle.  A very high proportion of credit cards are stolen from motor vehicles.    Always check your card when returned to you after a purchase.   Make sure it is your card.  When traveling, carry your cards with you or make sure they are in a secure location.  Report lost or stolen cards immediately.  Most fraudulent use of cards takes place within days of their being lost or stolen.  Sign the back of a new card as soon you get it.  Destroy unwanted cards so no one else can use them.  Make a list of all your cards and their numbers. This key information is helpful when reporting lost or stolen cards.  Always check your monthly statement.  Make sure the charges are yours.  Report them to your card company if the entry is not yours.  Never give your card number over the phone unless you are dealing with a reputable company.  The only time you should give it is when you have called to place an order.[1]

For questions or comments regarding this report, please contact the Lab directly by at 603-606-1246, or feedback@wapacklabs.com

 

[1] http://www.ckfraud.org/credit_card.html

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!