The group stressed that these vulnerabilities reflect systemic weaknesses across the API infrastructure rather than isolated issues at individual properties. They reported gaining entry via the system of a partner hotel integrated through HyperGuest’s API, requiring no advanced exploitation methods, underscoring poor network segmentation and insufficient access controls.

https://www.suspectfile.com/cyberattack-on-hyperguest-api-infrastructure-exposes-sensitive-data-of-thousands-including-jpark-island-resort-waterpark/

#jparkresort #HyperGuest #Stormous #Data_Breach #Ransomware #Infosec