Overview

• Independent collective Zerforschung reported trivial-to-exploit weaknesses in Gubse AG’s booking suite that could return full reservation lists and sensitive guest fields.
• Affected properties include all DJH youth hostels in several German states and about 50 Motel One hotels, with additional operators named in technical coverage.
• Gubse says it closed the vulnerabilities after disclosure and reported the incident to the Saarland data protection authority on 12 September.
• Motel One says current checks show no compromise of sensitive payment data and no evidence of data abuse, and it is notifying potentially affected guests.
• Researchers and consumer advocates urge guests to change passwords, watch for phishing, monitor account statements, and enable two‑factor authentication where possible.