This tool allowed the intruder remote access to the server, which he used to exfiltrate data. The incident came to light when FastBooking employees discovered this malicious tool on its server. According to FastBooking, the intruder stole information such as a hotel guests' first and last names, nationality, postal addresses, email addresses, and hotel booking-related information (hotel name, check-in, and check-out details). In some cases, but not all, the intruder also obtained payment card details were also stolen, such as the name printed on the payment card, the card's number, and its expiration date. Get the full story at Bleeping Computer