The hotel management platform Otelier experienced a significant data breach after cybercriminals gained access to its Amazon S3 cloud storage, stealing personal details and booking information of millions of guests from renowned hotel brands.
The initial compromise occurred in July 2024, with unauthorized access persisting until October. Hackers claim to have exfiltrated nearly 8 terabytes of data from Amazon S3 storage managed by Otelier. The company has since contacted affected clients and is implementing measures to fortify its systems.
Otelier, formerly known as MyDigitalOffice, provides cloud-based hotel management solutions used by more than 10,000 hotels worldwide. Among its clientele are Marriott, Hilton, and Hyatt, whose data was among the stolen information.
The attackers used an employee’s credentials, which had been stolen through malware, to gain access to an Atlassian server, where they discovered additional credentials that let them into the Amazon S3 storage. The stolen data includes night audit reports, shift audits, and accounting records.
Marriott has confirmed that automated services provided by Otelier have been suspended pending the completion of the investigation. Hilton and Hyatt, also implicated in the incident, have yet to issue official statements.
While passwords and payment data were not compromised, the leaked personal information—including names, addresses, phone numbers, and email addresses—poses a significant risk for targeted phishing attacks.
The breach surfaced in the “Have I Been Pwned” database, which lists 437,000 unique email addresses linked to the incident. Booking-related tables contained over 39 million entries, while the user database held 212 million records.
The hackers attempted to extort a ransom in cryptocurrency, mistakenly believing the data storage belonged to Marriott. However, after credentials were rotated in September, they lost access to the data. Attempts to contact Marriott for ransom negotiations were unsuccessful. Marriott emphasized that while its systems were not directly compromised, data stored with Otelier was leaked. The company continues to take steps to mitigate the incident’s impact.
Affected clients of Marriott, Hilton, and Hyatt are advised to exercise heightened caution when receiving suspicious emails masquerading as official hotel communications. Phishing campaigns often exploit stolen data to establish trust and extract further confidential information.