The cloud-based hotel management solution, Otelier, is in the limelight for all the wrong reasons this week, after it announced a significant data breach exposing the personal data of millions of people. Otelier is a software-as-a-service solution trusted by leading hotel brands, including Marriott, Hilton, and Hyatt, all of whose employees and customers are impacted by the incident.
Here’s everything we know so far, and the lessons learned.
How did the Otelier breach occur?
According to details obtained by Bleeping Computer, the Otelier data breach began in July 2024, when an unnamed threat group obtained an Otelier employee’s Atlassian log-in credentials via information-stealing malware.
With access to the Atlassian server, the attackers began searching for more sensitive data, eventually uncovering credentials for Otelier’s S3 buckets. From there, they claim to have downloaded 7.8TB of data, including:
- Guest reservations with email addresses
- Employee personally identifiable data
- Transaction histories
- Invoicing documents
Unfortunately for Otelier, the threat group was not discovered quickly, either. They claim to have maintained access to Otelier’s systems for an alarming three-month period, from July through October 2024, which is likely why the pool of stolen data is so large.
In a statement to the media, Otelier explained that it has now recovered from the incident, and is proactively reaching out to affected customers.
“Our top priority is to safeguard our customers while enhancing the security of our systems to prevent future issues,” the company said. “Otelier has been in communications with its customers whose information was potentially involved. In response to this incident, we hired a team of leading cybersecurity experts to perform a comprehensive forensic analysis and validate our systems.”
Lessons learned
The Otelier breach serves as a stark reminder of the risks posed by compromised credentials. Just a single stolen password can trigger a huge breach, enabling threat actors to move laterally through your organization—without raising a single alarm.
More than that, though, this incident underscores the importance of supply chain security. Even if your own infrastructure is safe, you really are only as strong as your weakest supplier.
Just look at Marriott, Hilton, and Hyatt. Their employee and customer details are now exposed as a result of the Otelier breach. In fact, the threat actors reportedly sent ransom notes to Marriott, asking for money to prevent the data being published.
Thankfully, there are simple steps organizations can take to mitigate the risks of this kind of incident. These are as follows:
- Implement multi-factor authentication (MFA): Ensure that MFA is fully integrated across your systems. MFA acts as a robust defense against account hijacking, making it far harder for attackers to exploit compromised passwords.
- Audit user accounts: Regularly audit user accounts to identify and deactivate unused or unnecessary accounts. Access should be limited to what’s absolutely necessary, adhering to the principle of least privilege.
- Enhance supply chain management: Adopt a zero-trust approach to supplier management. Implement tools such as Identity and Access Management (IAM) to ensure that only authorized suppliers can access sensitive information. Make it a standard practice to automatically encrypt any data shared with third parties, restricting access to verified users only.
- Invest in data-centric security tools: Deploy cloud-based data loss prevention (DLP) solutions to ensure that sensitive data is protected, regardless of where it resides. Context-based access controls—rather than role-based access alone—mitigate the risks associated with compromised accounts, offering added protection even when a legitimate user’s credentials are stolen.
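As an added example (not from the original article or from Otelier), here are the MFA and account-audit steps above applied to an AWS IAM credential report, the CSV that AWS produces for every IAM user. The sample rows, user names and the 90-day idle threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an AWS IAM credential report
# (only the columns this check reads; the user names are made up).
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,true,true,false,N/A,false,N/A
bob,true,false,true,2024-10-01T09:00:00+00:00,false,N/A
svc-backup,false,false,true,2024-03-15T02:00:00+00:00,true,N/A
old-contractor,true,true,true,2023-11-20T12:00:00+00:00,false,N/A
"""


def audit_credential_report(report_csv, now, max_idle_days=90):
    """Return (user, finding) pairs for accounts that need review."""
    findings = []
    cutoff = now - timedelta(days=max_idle_days)  # 90 days is an assumed policy
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # A console password without MFA means one stolen password is enough.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        # Long-lived access keys: flag active keys that are idle or never used.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            last_used = row[f"access_key_{n}_last_used_date"]
            if last_used in ("N/A", "no_information"):
                findings.append((user, f"access key {n} active but never used"))
            elif datetime.fromisoformat(last_used) < cutoff:
                findings.append((user, f"access key {n} idle since {last_used[:10]}"))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 10, 31, tzinfo=timezone.utc)  # fixed date for the sample
    for user, finding in audit_credential_report(SAMPLE_REPORT, now):
        print(f"{user}: {finding}")
```

Each finding is a candidate for enforcing MFA or for deactivating and rotating the key, in line with the least-privilege point above.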