Data breach affects over 130 million guests at popular Chinese hotel chain

Wednesday 29 August 2018 10:58 CET | News

Personal details of over 130 million guests at popular Chinese hotel chain have been put for sale for 8 Bitcoin (USD 56,000) on a Chinese Dark Web forum.

The breach was reported by the Chinese media after several cyber-security companies spotted the forum ad, according to Bleeping Computer. The seller said he obtained the data from Huazhu Hotels Group which operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.

The data appears to be from customers who stayed at any of Huazhus hotel brands —Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou.

The data believed to be sold online includes: official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number).

A Huazhu spokesperson did not answer a request for comment from Bleeping Computer, however the hotel chain published a statement on Chinese social network Weibo saying that the company is still investigating the breach and that authorities have been notified.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: data breach, hotel chain, China, dark web, online security, fraud prevention, Huazhu Hotels Group, credit card number, personal data
Countries: World

Industry Events