Best Western details hack of German hotel

The Best Western hotel chain has given details of a hack involving one of its hotels, but downplayed reports that 8 million customers have been affected.

In response to an article published in Scotland's Sunday Herald, Best Western rejected claims that it had suffered a massive compromise of customer details.

Best Western confirmed on Tuesday that it had suffered a breach at one of its German hotels, but denied Sunday Herald claims that every customer using Best Western European hotels since 2007 had had their booking details compromised.

"We can confirm that on 21 August, 2008, three separate attempts were made via a single logon ID to access the same data from a single hotel," said Best Western in a statement. "The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's antivirus software."

Best Western insisted that the compromised log-in ID only permitted access to reservations data for the Berlin hotel. Moreover, Best Western said the log-in ID was immediately terminated, and the computer in question had been removed from use.

While the Sunday Herald estimated that 8 million people had been affected by the hack, Best Western claimed that only 10 customers had been affected.

"We can also confirm that we have been able to narrow down the number of customers affected by this breach to 10," said Best Western. "We are currently contacting those customers and offering assistance as needed."

Moreover, Best Western said that it "purges reservations data within seven days of guest departure, thereby limiting potential data exposure". The company added that it is working with the FBI and international authorities to investigate the incident further.

Speaking to ZDNet Asia's sister site ZDNet UK on Thursday, Bernhard Viets, manager of Best Western Hotel am Schloss Kopenick, said his staff had first been alerted to the presence of the Trojan through an alert from the hotel's Symantec antivirus software.

"We got the warning from the antivirus software and, after that, we turned off the systems and changed the systems," said Viets. "We cut off our Internet connection, informed IT, and turned everything off immediately. I don't know the details of the virus. It was only 10 people who were affected. The clients who were hacked have been informed."

One of the sources for the Sunday Herald story was Jacques Erasmus, a security professional at Prevx, a malware behavioral-monitoring company. Erasmus told ZDNet UK on Thursday that he had found out about the hack by monitoring an online credit card detail-trading forum, which he declined to name.

According to Erasmus, the forum is a trading network for Russian Business Network (RBN) users. The RBN is an alleged malware-hosting gang.

"What I found was on one of the top underground forums for the RBN trading network," said Erasmus. "There was an Indian hacker selling a log-in to [Best Western's] systems, with a screenshot, saying the log-in can get access to credit card numbers and card-verification codes."

Erasmus said it was unlikely that the hacker would have sold a log-in that would only have gained access to 10 people's details, as this would affect his standing in the criminal community.

"I've seen the kinds of deals this guy does; he's high-profile on the forum," said Erasmus. "The deals [he does] are for more than US$10,000. I really don't know whether he would stake his reputation on the forum for 10 [customer's details]."