The data comes from a common source. Pyramid has been relying on Wazuh, an open source intrusion detection system, and sending data from that software to an unguarded server. It included info dating back to April 19th and mostly focuses on connection info like server logins, internet addresses and firewall data, but it also includes the full names of hotel staff and security policy details.
Pyramid locked down the database roughly two days after VPNMentor brought it to the company’s attention.
It’s not certain if anyone accessed the database without permission, but the security risks were clear. It effectively served as a guide for potential intruders. If they acted quickly enough, they could have taken advantage of clearly identified gaps in the hotels’ defenses, not to mention compromised workers accounts. The discovery also shows that an unsecure database doesn’t need to directly store customer info to pose a clear threat to those customers.