Threat actor shadowbyt3$ (We are ShadowByt3$) claimed responsibility for breaching Hotelogix in Singapore by exploiting misconfigured Amazon S3 buckets and Azure blob storage that allowed scraping of internal and client-specific data. They threaten to leak stolen files (including guest folios and payment-related details) unless a $500,000 BTC/Monero ransom is paid by April 14, and state the data will be released afterward. #Singapore
Incident Details
- Victim: Hotelogix
- Sector: Hospitality and Tourism
- Country: SG
- Actor: shadowbyt3$
- Source:
- Discovered: 2026-05-14T16:47:19.110857+00:00
- Published: 2026-05-14T16:47:17.424279+00:00
Information
- ShadowByt3$ claimed responsibility for breaching Hotelogix through misconfigured Amazon S3 buckets and Azure blobs.
- The attackers stated they were able to scrape the exposed contents and presented it as their latest campaign.
- They demanded $500,000 in BTC or Monero and threatened to leak all stolen data if payment was not made by April 14th at 12:20.
- They said the stolen material totals about 6 GB and that it would not be put up for sale.
- The leak reportedly includes internal corporate materials such as operational manuals, product upgrade PDFs, and branding assets.
- Client-related data allegedly taken from Treebo Hotels includes customer folios, guest stay details, and payment processing information.
- The exposed customer records may contain guest names, phone numbers, home addresses, arrival and departure dates, room numbers, and room types.
- Payment-related details may include last four digits of cards, transaction IDs, dates, billing amounts, and tax breakdowns.
Disclaimer: This post is based on public claims made by the ransomware group "shadowbyt3$". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.