1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Restaurant CRM platform SevenRooms confirms data breach

    From TechnologyDaily@1337:1/100 to All on Mon Dec 19 13:30:04 2022
    Restaurant CRM platform SevenRooms confirms data breach

    Date:
    Mon, 19 Dec 2022 13:08:46 +0000

    Description:
    A sample of the company's data allegedly showing API keys and guest data was published on an underground forum.

    FULL STORY ======================================================================

    SevenRooms, a customer management platform ( CRM ) provider for restaurants, has confirmed that a cybercriminal managed to obtain sensitive data on its customers, from its endpoints .

    In a statement issued to BleepingComputer , a company spokesperson said it, recently learned that a file transfer interface of a third-party vendor was accessed without authorization.

    "This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses and phone numbers." Investigation underway

    The company also said that its systems were not directly breached in the incident: "We immediately disabled access to the interface, launched an internal investigation, and we currently have no evidence that any of SevenRooms' proprietary databases were affected," the spokesperson clarified.

    "We have retained independent cybersecurity experts to assist with this investigation and will provide additional updates as appropriate." The
    company did not say which firm was hired to lead the forensic analysis. Read more

    WhatsApp data breach sees nearly 500 million user records up for sale


    What is a data breach scanner, how does it work, and why does your
    business need one?


    These are the best malware removal tools

    Still, whoever managed to access the database later advertised it on the Breached hacking forum, posting a forum thread saying they have a backup database of 427GB, holding thousands of files with info on SevenRooms customers.

    According to BleepingComputer , the companys customers include MGM Resorts, Bloomin Brands, Mandarin Oriental, Wolgang Puck, and others. The customer
    list is relatively extensive, and while SevenRooms did not say which firms were affected, we can only wait until individual restaurants come out with more details.

    The attackers released a sample that held API keys, promo codes, payment reports, and reservation lists, among other things. Payment data, such as credit card information, bank account data, social security numbers, or similar, have not been compromised, as the company doesnt store it on the affected servers, it was added. Check out the best firewalls out there

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/restaurant-crm-platform-sevenrooms-confirms-dat a-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)