179GB OF SENSITIVE DATA belonging of the US Army and government personnel was exposed thanks to an unsecured cloud server run reservation platform AutoClerk.

The data leak was spotted and detailed by researchers at VPNMentor, which noted that the exposed database contained the personal data of users of AutoClerk as well as an overview of hotel guests and their travel reservations.

"In some cases, this included their check-in time and room number. It affected 1,000s of people across the globe, with millions of new records being added daily," the researchers said.

AutoClerk, which is used to handle reservations for hotels, was recently bought and deployed by the Best Western Hotel & Resorts Group, which VPNMentor said potentially meant one of the largest hotel chains in the world had its data exposed.

However, the data exposed didn't belong to regular holiday markers, but rather the US government and military staff.

"Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future," the researchers explained. "This represented a massive breach of security for the government agencies and departments impacted."

The unsecured database was discovered on 13 September and then closed 2 October after the VPNMentor got in touch with the US embassy in Tel Aviv; from what we can tell, the company has Israeli roots. US-CERT was initially contacted but failed to respond to the alert… one would have expected the US to take the exposure of military-related data rather more seriously.

Given 179GB of data is a healthy amount, there was scope for potentially malicious folks who might have stumbled across the unsecured database to cause all manner of havoc with the data it contained. But it looks like no nefarious fellows managed to get their mitts on the data.

Neither AutoClerk or Best Western has released a statement addressing the security snafu.

But the situation is yet another that highlights how sticking things on cloud-based servers might seem an easy way to store data but if strong security practices aren't implemented then it's an easy way to expose a lot of sensitive information to the wild west of the internet. µ