Aavgo security lapse exposed hotel bookings

Zack Whittaker reports:

A security lapse at a hotel management startup has exposed hotel bookings and guests’ personal information.

The security lapse was resolved Monday after TechCrunch reached out to Aavgo, a hospitality tech company based in San Francisco, which secured a server it had left online without a password.

The server was open for three weeks — long enough for security researcher Daniel Brown to find the database.

He shared his findings exclusively with TechCrunch, then published them.

Indeed he did — in extensive detail. Do read their report.

And continue reading Zack’s report that includes how TechCrunch was threatened with “immediate legal action” ahead of publication.  I wish TechCrunch had named the threatening law firm so we could all respond to them appropriately with a Get Well card and a copy of the First Amendment….

About the author: Dissent