The breach was reported by the Chinese media after several cyber-security companies spotted the forum ad, according to Bleeping Computer. The seller said he obtained the data from Huazhu Hotels Group which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.
The data appears to be from customers who stayed at any of Huazhus hotel brands —Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou.
The data believed to be sold online includes: official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number).
A Huazhu spokesperson did not answer a request for comment from Bleeping Computer, however the hotel chain published a statement on Chinese social network Weibo saying that the company is still investigating the breach and that authorities have been notified.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now