A report published today by security research firm VPNMentor suggests its team found 100GB of unsecured customer data from the French travel booking site Option Way. The database includes details such as names, email IDs, addresses, phone numbers, and travel details.
The report noted these customers were mainly from France, Belgium, Switzerland, Algeria, and Australia. Apart from customers’ data, the database also contained details of the company’s employees and credit cards used for transactions. The research team found the unsecured database on August 20 and informed the company five days later.
Option Way’s website claims it processes data in an encrypted way and in line with the recommendations set out by the CNIL (France’s data protection authority). However, the VPNMentor team was able to access the database.
The team noted that it found large chunks of Option Way’s database unencrypted and unprotected. The research firm was also able to manipulate URLs to find more data.
We’ve reached out to Option Way to understand the nature of this leak’s impact and what it’s doing to protect its customers. We’ll update the story once we hear back from them.
Unencrypted and unprotected databases pose a huge threat to a company’s privacy and security, as well as to its customers. Encrypting and protecting them is a basic security measure organizations have to take to ensure their users are not at risk.