SevenRooms restaurant CRM platform confirms data breach
SevenRooms, a supplier of a customer management (CRM) platform to restaurants, has confirmed that a cybercriminal managed to obtain sensitive data about its customers from an endpoint.
In a statement given to BleepingComputer, a company spokesman said it "recently learned that a third-party vendor's file transfer interface has been accessed without authorization".
“This may have affected some documents transferred to or by SevenRooms, including the exchange of (now expired) API credentials and some guest data, which may include names, email address and phone number.”
Investigation is underway
The company also said its systems were not directly compromised in the incident: "We immediately disabled access to the interface, conducted an internal investigation, and there is currently no evidence that any of SevenRooms' proprietary databases were affected," the spokesperson clarified.
“We have hired independent cybersecurity experts to assist with this investigation and will provide additional updates as appropriate.” The company did not say which company was hired to conduct the forensic analysis.
However, whoever managed to access the database later advertised it on the hacking forum Breached, posting a forum thread saying they had a 427GB backup database containing thousands of files with SevenRooms customer information.
According to BleepingComputer, the company's clients include MGM Resorts, Bloomin' Brands, Mandarin Oriental, Wolfgang Puck and others. The customer list is relatively extensive, and since SevenRooms did not say which companies are affected, we can only wait until each restaurant provides more details.
The attackers released a sample containing API keys, promo codes, payment reports and booking lists, among other things. Payment data, such as credit card information, bank account data, social security numbers or the like, was not compromised because the company did not store it on the affected servers.
Via: BleepingComputer