[BreachExchange] Search engine for Japanese sex hotels announces security breach

Tue Jan 7 10:15:19 EST 2020

https://www.zdnet.com/article/search-engine-for-japanese-sex-hotels-announces-security-breach/

HappyHotel, a Japanese search engine for finding and booking rooms in
"love hotels," disclosed a security breach at the end of last year.

Love hotels are hotels built and operated primarily for allowing
guests privacy for sexual activities. Love hotels, also known as sex
hotels, are used by both married couples and cheating spouses, alike,
and are found all over the world, but they are particularly popular in
East Asia, and especially Japan.

DATA BREACH AT HAPPYHOTEL.JP

HappyHotel.jp is a website that operates similarly to Booking.com, but
lets registered users search and book rooms in love hotels across
Japan.

In a message posted on its website, Almex, the company behind the
service, said it detected unauthorized access to its servers on
December 22, last year.

The security incident is as bad as it gets, and hackers appear to have
gotten their hands on a wealth of sensitive user information.

According to Almex, the type of data that hackers might have accessed
includes details such as real names, email addresses, login
credentials (usernames and passwords), birth dates, gender
information, phone numbers, home addresses, and payment card details.

Almex reacted to the breach by suspending its website, located at
HappyHotel.jp, and posting a notice of the breach. The website has
been down ever since Christmas.

Gaming Policy

Computer games--including those installed from floppy disks, USB
"thumb" drives, CDs, DVDs, or accessed online or as part of any
massive, multiplayer network--present numerous risks to an
organization's computers, servers, systems, and networks....

Tools & Templates provided by TechRepublic Premium

"We sincerely apologize for the inconvenience and anxiety that may
have caused our customers and other concerned parties," Almex
leadership said in a message posted on the website.

Loveinn Japan, a second love hotel search engine managed by Almex was
also shut down, but the site did not feature a data breach notice, and
it is unclear if hackers stole user data from this portal as well.

An Almex spokesperson did not respond to a request for comment.

DATA NOT LEAKED ONLINE -- YET

The website's data doesn't appear to have been leaked online, at the
time of writing, according to a search ZDNet performed together with a
Japanese security researcher and a threat intel company.

The website's data is incredibly sensitive. The entire incident is
reminiscent of the Ashley Madison hack of 2015 when a hacker stole and
dumped online user data from AshleyMadison.com, a dating website
marketing itself as a go-to place for having an affair.

The HappyHotel data will, without a doubt, contain information about
individuals who booked rooms for extramarital sex and affairs.

If the site's data leaks online, those individuals will face extortion
attempts, similar to how Ashley Madison users faced blackmail attempts
for years. These extortion attempts had a severe toll on some Ashley
Madison users, with a few ending up taking their own lives.