Best Western details hotel hack

The Best Western hotel chain has given details of a hack involving one of its hotels, but downplayed reports that eight million customers have been affected.

In response to an article published in the Sunday Herald, Best Western rejected claims that it had suffered a massive compromise of customer details.

Best Western confirmed on Tuesday that it had suffered a breach at one of its German hotels, but denied Sunday Herald claims that every customer using Best Western European hotels since 2007 had had their booking details compromised.

"We can confirm that on 21 August, 2008, three separate attempts were made via a single logon ID to access the same data from a single hotel," said Best Western in a statement. "The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's antivirus software."

Best Western insisted that the compromised login ID only permitted access to reservations data for the Berlin hotel. Moreover, Best Western said the login ID was immediately terminated, and the computer in question had been removed from use.

While the Sunday Herald estimated that eight million people had been affected by the hack, Best Western claimed that only 10 customers had been affected.

"We can also confirm that we have been able to narrow down the number of customers affected by this breach to 10," said Best Western. "We are currently contacting those customers and offering assistance as needed."

Moreover, Best Western said that it "purges reservations data within seven days of guest departure, thereby limiting potential data exposure". The company added that it was working with the FBI and international authorities to investigate the incident further.

Speaking to ZDNet.co.uk on Thursday, Bernhard Viets, manager of Best Western Hotel am Schloss Kopenick, said his staff had first been alerted to the presence of the Trojan through an alert from the hotel's Symantec antivirus software.

"We got the warning from the antivirus software and, after that, we turned off the systems and changed the systems," said Viets. "We cut off our internet connection, informed IT and turned everything off immediately. I don't know the details of the virus. It was only 10 people who were affected. The clients who were hacked have been informed."

One of the sources for the Sunday Herald story was Jacques Erasmus, a security professional at Prevx, a malware behavioural-monitoring company. Erasmus told ZDNet.co.uk on Thursday that he had found out about the hack by monitoring an online credit-card-detail-trading forum, which he declined to name.

According to Erasmus, the forum is a trading network for Russian Business Network (RBN) users. The RBN is an alleged malware-hosting gang.

"What I found was on one of the top underground forums for the RBN trading network," said Erasmus. "There was an Indian hacker selling a login to [Best Western's] systems, with a screenshot, saying the login can get access to credit-card numbers and card-verification codes."

Erasmus said it was unlikely that the hacker would have sold a login which would only have gained access to 10 people's details, as this would affect his standing in the criminal community.

"I've seen the kinds of deals this guy does; he's high-profile on the forum," said Erasmus. "The deals [he does] are for more than $10,000 [£5,460]. I really don't know whether he would stake his reputation on the forum for 10 [customer's details]."