Last Updated: 2008-08-25 16:51:18 UTC - "The Sunday Herald reported on Sunday* that Best Western
was struck by a trojan attack that lead to the possible compromise of about 8 million victims
. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers who's first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts
- A trojan was installed on one of the machines in Best Western's booking systems which lead to a compromise of credentials for the hotel's staff. These credentials were attempted to (and probably successfully) sold to organizations with links to the Russian mafia.
- Best Western is and was PCI DCC compliant..."