Monday, December 19, 2022

Restaurant CRM platform SevenRooms confirms data breach

SevenRooms, a customer management platform (CRM) provider for restaurants,  has confirmed that a cybercriminal managed to obtain sensitive data on its customers, from its endpoints

In a statement issued to BleepingComputer, a company spokesperson said it, “recently learned that a file transfer interface of a third-party vendor was accessed without authorization”.

"This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses and phone numbers."

Investigation underway

The company also said that its systems were not directly breached in the incident: "We immediately disabled access to the interface, launched an internal investigation, and we currently have no evidence that any of SevenRooms' proprietary databases were affected," the spokesperson clarified.

"We have retained independent cybersecurity experts to assist with this investigation and will provide additional updates as appropriate." The company did not say which firm was hired to lead the forensic analysis.

Still, whoever managed to access the database later advertised it on the Breached hacking forum, posting a forum thread saying they have a backup database of 427GB, holding thousands of files with info on SevenRooms’ customers. 

According to BleepingComputer, the company’s customers include MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolgang Puck, and others. The customer list is relatively extensive, and while SevenRooms did not say which firms were affected, we can only wait until individual restaurants come out with more details.

The attackers released a sample that held API keys, promo codes, payment reports, and reservation lists, among other things. Payment data, such as credit card information, bank account data, social security numbers, or similar, have not been compromised, as the company doesn’t store it on the affected servers, it was added.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/NoG0Cs9

No comments:

Post a Comment

You can now ask Claude to mimic your writing style

Anthropic is rolling out new ways for you to change how your Claude AI chatbot communicates with a new range of pre-set and custom writing ...