[BreachExchange] Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum
Destry Winant
destry at riskbasedsecurity.com
Thu Aug 30 08:49:26 EDT 2018
https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/
The breach was reported today by Chinese media after several
cyber-security firms spotted the forum ad [1, 2, 3, 4].
The seller said he obtained the data from Huazhu Hotels Group Ltd
(Huazhu from hereafter), one of China's largest hotel chains, which
operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.
Forum ad claims to sell
According to a description the hacker posted online, the stolen data
is 141.5GB in size, contains 240 million records, with information on
roughly 130 million hotel guests that stayed at one of Huazhu hotels.
The following user data is believed to be sold online: official
website registration information (ID card number, mobile phone number,
email address, login password); check-in registration information
(customer name, ID card number, home address, birthday), and booking
information (name, card number, mobile phone number, check-in time,
departure time, hotel ID number, room number).
The data appears to be from customers who stayed at any of Huazhu's
hotel brands —Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel,
Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou.
A Huazhu spokesperson did not answer a request for comment from
Bleeping Computer, but the hotel chain published a statement on
Chinese social network Weibo. A spokesperson said the company is still
investigating the breach and that authorities have been notified.
Breach traced to GitHub snafu
Chinese cyber-security firm Zibao told a local news outlet that
they've verified the data and said to be authentic.
A Zibao spokesperson, along with other security researchers, said they
believe the breach to have happened earlier this month.
They said the cause of the breach appears to be a mistake on the part
of the Huazhu's development team, who seem to have uploaded copies of
their database on a GitHub account.
More information about the BreachExchange
mailing list