Mysterious leak of Booking.com reservation data is being used to scam customers

For almost five years, Booking.com customers have been on the receiving end of a continuous series of scams that clearly demonstrate that criminals have obtained travel plans and other personal information customers provided to the travel site.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Somehow, scammers keep accessing customer reservation details, other private data.

Ars Technica

@dangoodin The #TravelTech industry is extremely fragmented and runs on decades-old legacy systems. And of course security was not a priority for many parts of that system until recently. While the data comes from #Booking, my experience tells me the leaks actually come from hotels, property management systems, channel managers and many of the other players, who need the data to fulfill bookings but lack the required security.

I've written a few more thoughts on this here. Travel tech security is a frustrating but fascinating place to be working in.

Ellie (@[email protected])

Interesting but imo misleading [article from Ars Technica about Booking data leaks](https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/). It is clear the data is leaking from somewhere, but having worked in the travel tech industry, Booking is probably not to blame here. Hotels are running on extremely old tech infrastructure, and security has historically not been a priority or concern. If the leak was indeed coming from Booking, the scale of the scam would be much larger. To me, it seems that individual property management systems, usually on-prem at hotels, were hacked, and the data used to scam people. Of course that data would include the fact that the booking was made through Booking, and Booking controls enough of the market to make the scam worth it. I am not familiar with the internals of Booking, but it must have a way for hotels to message their guests, which would explain how an email could come from the scammer/hacked system through a legit Booking email address to customers. It would be interesting to know how this could be made more secure, if the integration is compromised... #TravelTech #Booking #Scam

Infosec Exchange