Hacker News new | past | comments | ask | show | jobs | submit login
700k Choice Hotels records leaked in data breach, ransom demanded (zdnet.com)
40 points by LinuxBender 67 days ago | hide | past | web | favorite | 7 comments

> exposed MongoDB instance

> Choice Hotels says the database, while linked to the firm, was operated by a partner vendor and no internal Choice Hotels servers were accessed. "The vendor was working with the data as part of a proposal to provide a tool," a Choice Hotels spokesperson said.

> Due to the security lapse, the hotel franchise will not be working with the unnamed vendor in question.

I get the legal and business reasons not to name the vendor -- but at the same time, the only real punishment for this vendor is definitely not getting a contract with Choice Hotels.

(quotes from https://www.zdnet.com/article/700000-choice-hotels-records-l...)

Until someone who has the authority to approve purchase orders but wasn't in the loop on this decides to use this vendor again.

A lot of companies have company-wide vendor blacklists.

The average American now has [[5321]] days of free credit monitoring.

Heh. 14.5 years.

> The message claimed that 700,000 records had been stolen and backed up elsewhere and demanded 0.4 Bitcoin (BTC), approximately $4,000 at the time of writing, from the owners.

Not even a full bitcoin.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact