Published on : Tuesday, September 3, 2019
A report published Monday by security research firm VPNMentor suggests that its team has found 100GB of unsecured customer data from the French travel booking site Option Way. The database includes details such as names, email IDs, addresses, phone numbers, and travel details.
Unencrypted and unprotected databases pose a huge threat to a company’s privacy and security, as well as for its customers. This is a basic security measure organizations have to take care of to ensure its users are not at a risk.
The report noted these customers were mainly from France, Belgium, Switzerland, Algeria, and Australia. Apart from customers’ data, the database also contained details of the company’s employees and credit cards used for transactions. The research team found the unsecured database on August 20 and informed the company five days later.
Option Way’s website claims it processes data in an encrypted way and in line with the recommendations set out by the CNIL (France’s data protection authority). However, VPNMentor team was able to access the database.
The team noted that it found large chunks of Option Way’s database unencrypted and unprotected. The research firm was also able to manipulate URLs to find more data.