A threat actor known as “Ay4me” has put up for sale a trove of 318 million records on BreachForums, claiming the data was stolen from Otelier, a cloud-based hotel management platform. The stolen database, totaling 7.8TB, reportedly contains sensitive information from major hotel chains such as Marriott, Hilton, and Hyatt.
The data leak was disclosed over the weekend when Ay4me posted the sale on BreachForums, a notorious cybercrime marketplace. The hacker's post describes the dataset as including MongoDB and SQL database dumps, email automation records, and millions of documents related to hotel bookings and financial transactions. Samples of the leaked data suggest that the breach exposes a wide range of sensitive records, including guest reservation details, financial transactions, and loyalty program data.
According to Ay4me's forum post, the dataset includes:
- Nearly 40 million reservation records, including guest names, room numbers, and booking details.
- Millions of financial records detailing payment authorizations, credit card types (masked), and hotel banking activity.
- Records of hotel loyalty program members, listing membership numbers, stay history and even reward points.
- Detailed insights into guest stays, room assignments, and internal management notes.
- Millions of names and phone numbers; one file, xml_user_entries.json, appears to store customer transaction logs.
Otelier, formerly MyDigitalOffice, provides cloud-based management solutions to over 10,000 hotels worldwide. The platform handles key operational data, including reservations, invoicing, and transaction logs, making it a valuable target for cybercriminals.
The data leak is linked to a security incident the firm admitted late last week, in which threat actors gained access to its systems using stolen employee credentials. The attackers breached Otelier's Atlassian server through malware-exfiltrated login details, allowing them to scrape internal support tickets for further credentials. This eventually led to unauthorized access to Otelier's Amazon S3 storage, from which they extracted nearly 8TB of sensitive data.
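The pivot described above depended on credentials sitting in plain text inside support tickets. As an added example (not from the article or from Otelier), the following Python sketch scans exported ticket text for credential-like strings so they can be rotated and scrubbed; the ticket IDs, ticket text, pattern set and function names are assumptions made for illustration.

```python
import re

# Heuristic patterns; the AWS key shapes follow AWS's documented formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)"),
}

def redact(secret):
    """Keep only the first four characters so reports do not re-leak the value."""
    return secret[:4] + "*" * (len(secret) - 4)

def scan_ticket(text):
    """Return sorted (kind, redacted_value) pairs for credential-like strings."""
    findings = set()
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(1) if pattern.groups else m.group(0)
            findings.add((kind, redact(value)))
    return sorted(findings)

def scan_tickets(tickets):
    """Map ticket id -> findings, omitting tickets with no hits."""
    report = {}
    for ticket_id, text in tickets.items():
        hits = scan_ticket(text)
        if hits:
            report[ticket_id] = hits
    return report

# Constructed sample tickets; the keys are AWS's public documentation placeholders.
SAMPLE_TICKETS = {
    "SUP-101": "Customer cannot log in after reset. Escalated to tier 2.",
    "SUP-102": "Bucket sync failing. Using key AKIAIOSFODNN7EXAMPLE with secret "
               "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY from the deploy host.",
    "SUP-103": "Temp login for vendor: user=reports password: Winter2025!",
}

if __name__ == "__main__":
    for ticket_id, hits in scan_tickets(SAMPLE_TICKETS).items():
        for kind, value in hits:
            print(f"{ticket_id}: {kind} {value}")
```

Any hit should be treated as a compromised secret to rotate, not only as text to delete from the ticket.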
While major hotel chains like Marriott confirmed that their data was included in the breach, they emphasized that their internal systems were not directly compromised. Otelier has yet to release an official statement regarding the latest claims on BreachForums. CyberInsider has contacted Otelier to ask about the authenticity of the leaked data, but we are still waiting for a response. We will update this post as soon as we hear back.
Meanwhile, potentially affected individuals should keep an eye on loyalty program accounts and financial statements, beware of phishing attempts impersonating hotels or customer service, and enable multi-factor authentication on accounts linked to hotel bookings and loyalty programs to help mitigate unauthorized access. Impacted individuals can check if their data was included in the breach through Have I Been Pwned, although the data is still being added to the service.