Security expert Brian Krebs spotted this admission via a mandatory quarterly filing with the US Securities and Exchange Commission. It said Sabre was “investigating an incident of unauthorised access to payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system.”
Sabre’s press statement said it had engaged security forensics firm Mandiant to support its investigation, and that it had notified law enforcement. “The unauthorised access has been shut off and there is no evidence of continued unauthorised activity.
There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected” Sabre’s statement read.
Corey Williams (left), senior director Products and Marketing at cyber security and identity access management specialist Centrify, said, “This latest data breach again demonstrated the vulnerability of password-based protection. Once more, we’re reminded of the danger of relying on passwords as the means of securing access to corporate systems, apps or data.
“Passwords are the number one security problem in the world. The only reliable defence against attackers is to enable two-factor authentication. Two-factor authentication involves combining an additional factor – such as a code sent to your phone via text, voice call or mobile app – alongside a password. This raises the bar for security, making it much harder for attackers to compromise work systems and data.”
Centrify says two-factor authentication will thwart the clear majority of hacks that target corporate employees, including those with excessive permissions. Organisations should be mandating the use of two-factor authentication whenever it is technically possible.