130M customer records from Chinese hotel group found for sale on the darknet
Police in China are investigating the theft of data from a major hotel group after 130 million customer records were discovered for sale on the shady part of the web called the darknet.
The data pertains to the Chinese hotel group Huazhu Hotels Group Ltd., a Nasdaq-listed company with 3,903 hotels run under a range of its own brands as well as brands franchised from Accor S.A. They include Novotel, Ibis and Mercure, all popular with western visitors.
Discovered by a Chinese tech site and later reported by Bleeping Computer, the stolen data came in at 141.5 gigabytes. The 130 million records included customer names, mobile phone numbers, email addresses, ID numbers (including passport information), login account passwords, home addresses, birthdates, credit card numbers, check-in times, departure times, room numbers and spending amounts.
The last check-in time in the file is Aug. 13, suggesting that the data breach was recent. The person selling the data, on an unnamed dark web site, is said to be demanding a payment of eight bitcoin for the data, equivalent to $56,244 at today’s exchange rate.
Whether the data was hacked, accidentally exposed or stolen by an insider isn’t yet clear. BJNews claimed the data dump came from a company programmer who initially uploaded the internal database to GitHub, but that doesn’t clarify if it was uploaded intentionally or, for that matter, how the data progressed from GitHub to the darknet.
Rod Soto, director of security research at JASK Inc., told SiliconANGLE that although the large number of data records is shocking, this infiltration doesn’t come as a huge surprise.
“The incident is similar in nature to large data leaks we’ve seen in the past where Amazon S3 buckets are left on the open internet without a password,” Soto said. That suggests the information may have been stolen from the GitHub upload, he said.
“Instances like this should hammer home the importance of taking proper security precautions when using any third-party cloud service because if they’re not configured properly, they can and will continue to lead to these types of massive breaches,” Soto added.
Photo: WhisperToMe/Wikimedia Commons