Otelier

What Happened

In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "ayame@xmpp.jp".

Compromised Data

Email addresses
Names
Partial credit card data
Phone numbers
Physical addresses
Purchases
Travel plans

Recommended Actions

Monitor for Suspicious Activity

Watch for unusual login attempts, spam and phishing emails.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

Breach Overview

  • Affected Accounts:

    436.9 thousand

  • Breach Occurred:

    July 2024

  • Added to HIBP:

    18 Jan 2025

Recommended Actions

Change Your Password

If you haven't changed your Otelier password since 2024, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts or messages from your account.

1Password

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password