Hackers have shared a database exposing 642,000 individuals’ personal information, including full names, email addresses, job titles, and the company they work for. The data allegedly comes from one of the world’s largest hospitality providers, Accor.
The data was posted on the illicit forum BreachForums basically for free by the prolific threat actor known as IntelBroker.
“In March 2024, Accor.com, a French multinational hospitality company, suffered a data breach that led to the exposure of 642K users' personal information,” IntelBroker claims.
The data sample provided includes personal information that matches social media profiles. The records within the small sample are all dated on the 25th of June, 2021.
Cybernews couldn’t confirm the authenticity of the data. We reached out to Accor for clarification and are awaiting a response.
French data protection agency CNIL (Commission Nationale Informatique & Libertés) is currently investigating the leak.
“I can confirm that we received a data breach notification about Accor, and the CNIL is investigating. I cannot give you more information for the moment,” the spokesperson for CNIL commented.
“As the leaked information provides a detailed profile of individuals with their email addresses and job descriptions, it can be used for phishing attacks or targeted scams. Threat actors could exploit this data to craft convincing social engineering attacks, gain unauthorized access to personal accounts or sensitive corporate information, and commit various forms of fraud or exploitation,” the Cybernews research team warns.
IntelBroker also seems to like publicity as it tried to garner attention by teasing the breach in advance on X, researchers have observed.
Accor is one of the world's largest hospitality groups, operating more than 5,600 properties in 110 countries, 10,000 food & beverage venues, wellness facilities, and flexible workspaces, according to last year’s financial report. The diverse ecosystem includes 45 hotel brands: Luxury (Raffles, Fairmont, Sofitel), premium (MGallery, Pullman, Swissôtel), midscale (Novotel, Mercure, Adagio), and economy (ibis, hotelF1).
Headquartered in France, Accor is publicly listed on the Euronext Paris Stock Exchange, with a market capitalization (company value) of €10.5 billion. The group’s revenue last year was €5.06 billion.
Meanwhile, IntelBroker continues its onslaught of breaches. Just recently, it leaked data from PandaBuy and HomeDepot. Previously, the same hackers stole data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.
Updated on April 16th [06:30 a.m. GMT] with a comment from French data protection agency CNIL.
Your email address will not be published. Required fields are markedmarked