![Bell at a hotel desk](https://retailwire.com/wp-content/uploads/Booking.com-©DAVIT85-via-Canva.com_.jpeg)
©DAVIT85 via Canva.com
US Hotel Check-In Computers Infected With Spyware
May 23, 2024
The check-in systems at numerous hotels throughout the U.S. are operating a remote access application that is inadvertently exposing guest information screenshots to the internet.
A consumer-grade spyware app has been detected on the check-in systems of at least three Wyndham hotels across the U.S.
The pcTattletale application has covertly been taking screenshots of hotel booking systems, exposing confidential guest and customer data. Exploiting a security loophole in the spyware, these screenshots are now accessible to the general public online, rather than being restricted to the app’s actual users.
This incident highlights another instance of consumer-grade spyware revealing sensitive information due to inherent security flaws. It’s the second known occurrence where pcTattletale has leaked screenshots from the devices it targets. Over recent years, several other spyware applications have also exposed private and personal data due to security vulnerabilities or misconfigurations, leading to government regulators taking action in some instances.
pcTattletale enables its operator to remotely access both Android and Windows devices, along with their data, from anywhere across the globe. As stated on pcTattletale’s website, the app “runs invisibly in the background on their workstations and can not be detected.”
However, this vulnerability allows anyone with knowledge of the security flaw to retrieve the screenshots taken by the spyware directly from pcTattletale’s servers over the internet.
According to findings from security researcher Eric Daigle, the violated hotel check-in systems have come under scrutiny as part of an inquiry into consumer-grade spyware. These applications are commonly labeled as “stalkerware” due to their capability to monitor individuals, including spouses and domestic partners, without their awareness or approval.
Efforts were made by Daigle to alert pcTattletale about the issue, but he said the company has not acknowledged his warnings, leaving the vulnerability unaddressed. While some information about pcTattletale’s screenshot leakage issue was disclosed by Daigle in a brief blog post, specific details were deliberately withheld to prevent malicious exploitation of the flaw.
He wrote in his blog post, “Hopefully the stalkerware author(s) can be bothered to fix the issue soon, at which point I can give a full writeup. In the meantime, if you think you may be a victim of stalkerware, run an antivirus scan — on Windows, Windows Defender seems to catch most known tools, on Android I’ve heard good things about Malwarebytes — and have a look at the excellent advice from the Coalition Against Stalkerware.”
Recent News
Ritzy New York Restaurant To Close After Falling Victim to Cyberscam
Gotham Restaurant is facing hard times since the cyberattack.
Shopify Expands AI Capabilities To Attract More Businesses
Shopify has announced an expansion of its AI-powered tools to a wider user base.
Historic Hollywood Disney-Themed Cafe To Close After 78 Years
A historic Hollywood eatery based on one of Disney’s most iconic movies is set to close after 78 years in business.
Rally House Expands in Texas With First Houston Storefront
Rally House, the national sports and merchandise retailer, has announced the opening of its first Houston location, Rally House Houston Outlets, marking a significant milestone in the company’s expansion.