Dark Web News Analysis
A threat actor is advertising a B2B (Business-to-Business) database for sale on a prominent cybercrime forum, claiming it was stolen from Easybooking Austria, a major hotel and guesthouse management software provider.
The database allegedly contains 135,000 entries, which appear to be the company’s business clients (i.e., hotels, guesthouses, and other lodging providers), not individual travelers. The compromised data reportedly includes:
- Customer IDs (Hotel/Business IDs)
- Full Contact Details (Fax, Email, Phone Numbers)
- Physical Addresses
- Website URLs
The seller is offering samples, accepting forum escrow, and has set a “fire sale” price of just $370. This extremely low price is designed to ensure rapid, widespread, and uncontrolled distribution to a wide array of malicious actors, guaranteeing the data is weaponized immediately.
Key Cybersecurity Insights
This data leak presents several immediate, overlapping, and catastrophic threats to Easybooking’s entire client base:
- A “Goldmine” for Mass Business Email Compromise (BEC) Fraud: This is the most severe and immediate threat. The database is a “who’s who” of the Austrian hospitality sector. Attackers will use this list to launch hyper-personalized BEC and invoice fraud campaigns. They can perfectly impersonate Easybooking’s finance department and send fraudulent emails to all 135,000 clients (e.g., “Urgent: Your Easybooking subscription payment failed. Please use our new bank details to avoid service interruption.”).
- “Turnkey” Kit for Spear-Phishing & Initial Access: This is the #2 threat. Attackers can use a hotel’s real Customer ID and contact info to craft highly convincing spear-phishing emails (e.g., “Login required to view your new [Customer ID]-invoice”). The goal is to steal credentials for the Easybooking management portal, gaining initial access to a hotel’s actual reservation system, which they can then hold for ransom or use to defraud guests.
- A Catastrophic, Finable GDPR Violation (Austria/EU): For Easybooking, this is a catastrophic compliance failure. As an EU (Austrian) company, it is subject to the General Data Protection Regulation (GDPR). This breach of their clients’ business PII (which is still personal data under GDPR) is a flagrant violation. The company faces a mandatory investigation by Austria’s DPA (Datenschutzbehörde), a 72-hour reporting deadline, and the certainty of crippling, multi-million-euro fines.
Mitigation Strategies
In response to a breach of this magnitude, Easybooking Austria and all of its clients must take immediate, decisive action:
- For All Easybooking Clients (Austrian Hotels): Be on Maximum Alert for BEC Fraud. This is the critical defense. MANDATE out-of-band verification (e.g., a phone call to a known, trusted account manager, not a number from an email) for any request from “Easybooking” (or other vendors) to change payment details or “verify” credentials. Treat all such unsolicited emails as hostile.
- For Easybooking (The Company): Mandate Credential Resets & Enforce MFA. The company must assume its clients’ portal credentials are at risk. It must immediately invalidate all passwords for its hotel management portal and enforce Multi-Factor Authentication (MFA) on all client and admin accounts to prevent attackers from using stolen credentials.
- For Easybooking (The Company): Activate “Code Red” IR & Notify DPA. This is an existential, “house on fire” scenario. The company must assume a total compromise, immediately engage a digital forensics (DFIR) firm, and fulfill its legal obligation to notify the Austrian Datenschutzbehörde (DPA) of this high-risk breach within the 72-hour GDPR window.
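The client-side advice above (out-of-band verification for any “Easybooking” payment or credential request) can be backed by a mail triage rule. The following is an added example, not part of the original analysis: the trusted domain `easybooking.example`, the keyword list, and the sample messages are constructed placeholders to be replaced with values from your own vendor records.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholders: take the real values from your own vendor master data.
VENDOR_NAME = "easybooking"
TRUSTED_DOMAINS = {"easybooking.example"}  # placeholder, not the vendor's real domain
SENSITIVE = re.compile(r"bank details|\biban\b|payment failed|login required"
                       r"|verify your (login|credentials)", re.IGNORECASE)

def _domain(header_value):
    # Lower-cased domain of an address header, or "" when the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons a message needs out-of-band verification (empty = none)."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    if VENDOR_NAME not in display_name and VENDOR_NAME not in text.lower():
        return []  # message does not claim to come from the vendor
    reasons = []
    from_domain = _domain(msg.get("From"))
    if from_domain not in TRUSTED_DOMAINS:
        reasons.append("vendor name used by untrusted sender domain")
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    if SENSITIVE.search(text):  # applies even when the sender domain is trusted
        reasons.append("payment or credential request")
    return reasons

# Constructed sample messages (not real traffic).
LURE = (
    'From: "Easybooking Finance" <billing@easybooking-payments.example>\n'
    "Reply-To: accounts@mailbox.test\n"
    "Subject: Urgent: Your Easybooking subscription payment failed\n\n"
    "Please use our new bank details to avoid service interruption.\n")
TRUSTED_BUT_SENSITIVE = (
    'From: "Easybooking" <finance@easybooking.example>\n'
    "Subject: Updated invoice data\n\n"
    "Our IBAN has changed, please update your records.\n")
ROUTINE = ('From: "Easybooking Support" <support@easybooking.example>\n'
           "Subject: Release notes\n\nThe calendar view has been updated.\n")

if __name__ == "__main__":
    for name, raw in [("lure", LURE), ("trusted", TRUSTED_BUT_SENSITIVE), ("routine", ROUTINE)]:
        print(name, triage(raw))
```

A payment or credential request is flagged even when it comes from the trusted domain, because a matching sender address alone does not replace the phone call to a known account manager.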
Questions or Feedback? This analysis is based on threat intelligence from a dark web forum. Brinztech provides cybersecurity services worldwide and does not endorse or guarantee the accuracy of external claims. For any inquiries or to report this post, please email: contact@brinztech.com