What is the issue?
A misconfigured database belonging to Amadeus’ Alp.co.il, which is used as a booking service for several Israeli travel companies including Inbal, was left open to the public.
What was exposed?
The database contained information on 36 million booked flights, 15 million passengers, over one million hotel bookings, and 700,000 visa applications.
Information on international travel plans of high-ranking Israeli diplomats including Israeli Prime Minister Benjamin Netanyahu has been exposed.
The big picture
An anonymous person who identified himself as a hacker contacted Calcalist and notified about the leaky database. Upon which, Calcalist investigated about the database and notified the Israeli National Cyber Directorate of the data leak.
A spokesperson for Amadeus’ Israeli subsidiary said that the company identified a failure in the security definitions of its database used by Israeli travel agents on May 20, 2019, which allowed unauthorized access to data.
However, the travel company’s security team has addressed the issue immediately and the problem has been fixed.