A report published today by security research firm VPNMentor suggests its team found 100GB of unsecured customer data from the French travel booking site Option Way. The database includes details such as names, email IDs, addresses, phone numbers, and travel details.
The report noted these customers were mainly from France, Belgium, Switzerland, Algeria, and Australia. Apart from customers’ data, the database also contained details of the company’s employees and credit cards used for transactions. The research team found the unsecured database on August 20 and informed the company five days later.
Option Way’s website claims it processes data in an encrypted way and in line with the recommendations set out by the CNIL (France’s data protection authority). However, VPNMentor team was able to access the database.
The team noted that it found large chunks of Option Way’s database unencrypted and unprotected. The research firm was also able to manipulate URLs to find more data.
We’ve reached out to Option Way to understand the nature of this leak’s impact and what it’s doing to protect its customers. We’ll update the story once we hear back from them.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
Unencrypted and unprotected databases pose a huge threat to a company’s privacy and security, as well as for its customers. This is a basic security measure organizations have to take care of to ensure its users are not at a risk.
Get the TNW newsletter
Get the most important tech news in your inbox each week.