Aavgo security lapse exposed hotel bookings

Zack Whittaker reports:

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information.

The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password.

The server was open for three weeks — long enough for security researcher Daniel Brown to find the database.

He shared his findings exclusively with TechCrunch, then published them.

Indeed he did — in extensive detail. Do read their report.

And continue reading Zack’s report that includes how TechCrunch was threatened with “immediate legal action” ahead of publication. I wish TechCrunch had named the threatening law firm so we could all respond to them appropriately with a Get Well card and a copy of the First Amendment….

Two more entities have folded after ransomware attacks
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Inquiry launched after identities of SAS soldiers leaked in fresh data breach
Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
Government will 'robustly defend' compensation claims from Afghans put at risk by data breach

Related: