SevenRooms confirms breach after data leak

Share post:

SevenRooms, a restaurant customer relationship management (CRM) platform used by international restaurant chains and hospitality service providers such as MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolfgang Puck, and many more, has confirmed a data breach following the sale of stolen data on a hacking forum by a threat actor.

The information was discovered on the hacking forum ‘Breached,’ and the samples include text files containing client data, payment details, reservation information, and more.

According to the seller, there are 86,847 CSV files totaling over 427 GB. The files’ nature suggests that the company may have suffered a database leak as a result of a breach on one of its servers. Its samples include folders named after popular restaurant chains, SevenRooms customers, API keys, promo codes, payment reports, reservation lists, and more.

According to a third-party vendor, SevenRooms confirmed the data breach: “SevenRooms recently learned that a file transfer interface of a third-party vendor was accessed without authorization. This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses and phone numbers. Our protocol is to not store credit card information in that space. SevenRooms does not collect social security numbers, bank account information, or similarly highly sensitive information from individual guests. We immediately disabled access to the interface, launched an internal investigation, and we currently have no evidence that any of SevenRooms’ proprietary databases were affected. We have retained independent cybersecurity experts to assist with this investigation and will provide additional updates as appropriate.”

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways