Hotelogix
shadowbyt3$This record tracks a ransomware attack claimed by the shadowbyt3$ group against Hotelogix. It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.
Window Zero
EXPOSURE GAPWindow Zero is the time the breach stayed in the open before anyone said so — the gap between when the attack was first discovered on the operator's leak site (t1) and when it was publicly disclosed (t2). The wider this window, the longer victims, staff and customers were exposed with no warning.
Attack Summary
We are ShadowByt3$. We have claimed responsibility for hacking Hotelogix. They have been breached through there amazon s3 buckets and azure blobs. They were misconfigured which allowed us to scrape everything inside. This has been are latest campaign. If you don't pay $500,000 in btc or monero all data gets leaked. We are not joking and not playing we will. As you can tell in the sample in the data leak site or url below. We are giving you until April 14th at 12:20 it expires. It gets released. DarkWebinformer if you see this contact us asap through are telegram. Any researchers you can contact them and verify data. Also let them know what we have and have 6gb of data. Tell them if they don't pay by that date they get released and is not being put up for sale. Make the right decision and just getting law enforcement involved is just going to make it worse and as you can see they are helpless and don't do shit about you and don't care about companies. Look at how many companies get reported to the feds, you really think there going to help you. If you do your wrong. You can try to stop us but it doesn't stop the leaks from already being leaked and passed around other researchers or criminals. The following below was stolen: 1. Internal Corporate Data This data pertains to Hotelogix's own business operations and software development: - Operational Manuals: Internal guides for staff on how to use and manage their cloud-based systems. - Product Upgrade PDFs: Documentation detailing recent or upcoming software updates, which can reveal specific system architectures. - Branding Assets: Official logos, templates, and marketing materials (often used by hackers to create more convincing phishing emails). 2. Client-Specific Data (Treebo Hotels) The most critical part of the breach involves data belonging to Hotelogix’s clients. For Treebo Hotels, the stolen files include: - Customer Folios (Invoices): As seen in your image, these contain guest names, phone numbers, and home addresses. - Guest Stay Details: Specific dates of arrival and departure, room numbers, and room types (e.g., "Promotional Room Rent Oak"). - Payment Processing Details: While full credit card numbers are often encrypted, "processing details" can include: Last four digits of cards. Transaction IDs and dates. Billing amounts and tax breakdowns (GST/SGST).
Leak Screenshots
SAMPLEProof-of-breach screenshots the operator posted from the stolen data. Previews are redacted and locked — the originals are available on HaveIBeenRansom.