A consumer-grade spyware app named pcTattletale has been discovered running on the check-in systems of at least three Wyndham hotels across the United States, raising significant concerns about data security. TechCrunch reported that the spyware stealthily captured screenshots of hotel booking systems, exposing sensitive guest information such as names, reservation details, and partial payment card numbers. Due to a security flaw in the spyware, these screenshots were accessible to anyone on the internet, not just the intended users of the spyware.
Security researcher Eric Daigle, who uncovered the compromised systems, tried to alert pcTattletale about the issue, but the company has not responded, leaving the flaw unpatched. Screenshots from two Wyndham hotels revealed sensitive guest information on a web portal provided by Sabre, while another screenshot showed access to Booking.com’s administration portal. This incident underscores the vulnerabilities in hotel IT systems and the urgent need for more robust cybersecurity measures.
The managers of the affected hotels were largely unaware of the spyware’s presence on their systems. Wyndham spokesperson Rob Myers explained that Wyndham hotels in the U.S. are independently owned and operated franchises, implying that the parent company may not have approved the use of such software. Booking.com said that its systems were not compromised and attributed the incident to sophisticated phishing tactics targeting hotel systems.
The use of consumer-grade spyware like pcTattletale, often marketed for monitoring children and employees or for use against spouses, presents a significant risk when employed in commercial settings. The exposure of sensitive guest information highlights the need for strict regulatory oversight and improved cybersecurity protocols in the hospitality industry to prevent such breaches and protect personal data. As investigations continue, hotels must reassess their security measures to ensure better protection against unauthorized access and misuse of sensitive information.