Huazhu Hotels Group Data Sold on Dark Web for 8 Bitcoins
Huazhu Hotels Group, one of the largest hotel operator in China suffered a massive Data Breach on August 28. Personal information of over 130 million guests is made available for sale by a Hacker on the Chinese Dark Web forum for just 8 Bitcoin ($54,306 U.S. Dollars).
Huazhu Hotels Group, established in 2005, manages more than 3,000 hotels in more than 370 cities in China and about 13 association of the Group, including Crystal Orange Hotel, Hanting Hotel, VUE, Grand Mercure Hotels and CitiGo, are said to be embroiled in the leak.
As reported by ChinaDaily,
“The information include 123 million pieces of registration data on Huazhu’s official website, such as name, mobile number, ID number and log-in pin; 130 million pieces of check-in records, such as name, ID number, home address and birthday; and 240 million pieces of hotel stay records, such as name, credit card number, mobile number, check-in and check-out time, consumption amount and room number.”
On August 28, a post was published by the Hacker on the “Dark Web” forum which was demanding 8 Bitcoins or 520 Monero (equaling $54,306 U.S. dollars) in exchange of the Stolen Data which is 141.5GB in Size and contains about 500 million pieces of clients information.
Qu Zilong wrote a post which was later reposted by official account reads that the reliability of the information stolen was relatively high.
Huazhu said that as soon as they got to know about Data Breach it had reported the leak to the police and had hired a professional technology company to verify that the Information available for sale on Dark Web was really from Huazhu and internal investigation are in operation to make sure that their client’s information is safe.
Further investigations by Zpower, an intelligence provider on anti-cyber crimes revealed that the leaked Data was real and the Data Breach might have occurred when the Huazhu’s programmers were uploading the database connections to GitHub.
The Law on the Protection of Consumer Rights and Interests stipulates operators should take technical and other measures to safeguard information security, to prevent leaking consumers’ private information.