Cybernews researchers uncovered an exposed server belonging to a threat actor that contained documentation of attacks against accommodation-sector companies, source code, hacking tool configurations, and stolen booking data.
Key findings:
- Researchers found at least 50 penetration test reports targeting accommodation companies.
- Researchers say the hacker bypassed LLM guardrails by disguising malicious intent as penetration testing.
- The attacker used HexStrike AI, an open-source tool that integrates large language models (LLMs), together with Anthropic’s Claude.
- The exposed server contained stolen booking-related data, including guests’ personally identifiable information (PII) such as names, emails and phone numbers.
- Researchers observed 2.1 million unique email addresses in exported files, which most likely correlated to the number of exposed individuals.
- The attacker took the server out of public view during the investigation, but the Cybernews team managed to identify at least 4 affected companies, including a Canadian one.
The leaked data included records from IGMS, a Canadian company that specializes in Property Management Software (PMS) development. Extracted data included host phone numbers, check-in and check-out dates, host emails, property address, and, in some cases, WiFi passwords. Researchers observed 1,400 records from IGMS.
The researchers warn that stolen reservation data can be used in highly convincing phishing campaigns, especially when attackers know guests’ names, travel dates, and reservation details.
For more information, here’s the full research: https://cybernews.com/security/claude-ai-exploited-breach-hotel-booking-platforms
Related
This entry was posted on June 23, 2026 at 8:34 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
AI-assisted hacking operation exposed records linked to Canadian hospitality software firm
Cybernews researchers uncovered an exposed server belonging to a threat actor that contained documentation of attacks against accommodation-sector companies, source code, hacking tool configurations, and stolen booking data.
Key findings:
The leaked data included records from IGMS, a Canadian company that specializes in Property Management Software (PMS) development. Extracted data included host phone numbers, check-in and check-out dates, host emails, property address, and, in some cases, WiFi passwords. Researchers observed 1,400 records from IGMS.
The researchers warn that stolen reservation data can be used in highly convincing phishing campaigns, especially when attackers know guests’ names, travel dates, and reservation details.
For more information, here’s the full research: https://cybernews.com/security/claude-ai-exploited-breach-hotel-booking-platforms
Share this:
Like this:
Related
This entry was posted on June 23, 2026 at 8:34 am and is filed under Commentary with tags Cybernews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.