Hotel databases are a fantastic target for identity thieves. Hotels don't just hold credit card numbers and billing addresses (which are held for weeks in advance of a stay and for weeks afterwards to secure incidentals), but for many customers the hotel
also has their home address, driver licence number, airline memberships, and ... drum roll ... passport number, as frequently collected by hotels in Asia. It's a complete cornucopia for criminals.
And the most dangerous, most difficult to control threat vector in the hotel industry won't be war-driving or SQL injection attacks as used by the
Soupnazi hacker Albert Gonzales.
It will be the inside job.
How many thousand itinerant hotel workers in every corner of the world will have the opportunity to sneek into an admin office after hours, break into the network, and find their way into the central databases?
Surely counter terrorism agencies are working on this problem? With access to a global hotel chain's booking system, terrorists could work out when the and where the
next gathering of targets is going to happen, and they could track the travel habits and plans of all sorts of named individuals.
Stephen Wilson,
Lockstep.