Sabre rattled and hacked

Security expert Brian Krebs spotted this admission via a mandatory quarterly filing with the U.S. Securities and Exchange Commission (SEC). The filing stated Sabre was “investigating an incident of unauthorized access to payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system.”

Sabre’s press statement stated it has engaged security forensics firm Mandiant to support its investigation, and that it has notified law enforcement. “The unauthorized access has been shut off and there is no evidence of continued unauthorized activity. There is no reason to believe that any other Sabre systems beyond SynXis Central Reservations have been affected” Sabre’s statement read.

SC Magazine US strongly suggests that compromised credentials may have contributed to this data breach.

{loadposition ray}

Corey Williams, Senior Director Products and Marketing at Cybersecurity and identity access management specialist Centrify, said, “This latest data breach again demonstrated the vulnerability of password-based protection. Once more, we’re reminded of the danger of relying on passwords as the means of securing access to corporate systems, apps or data.”

“Passwords are the number one security problem in the world. The only reliable defence against attackers is to enable two-factor authentication. Two-factor authentication involves combining an additional factor – such as a code sent to your phone via text, voice call or mobile app – alongside a password. This raises the bar for security, making it much harder for attackers to compromise work systems and data,” he added.

Centrify says two-factor authentication will thwart the clear majority of hacks that target corporate employees, including those with excessive permissions. Organisations should be mandating the use of two-factor authentication whenever it is technically possible.