Now, this could easily be termed as one of the largest ever data hacks in the history of China. Reportedly, the data of roughly 130 million clients of the renowned Huazhu Hotels Group, China is up for sale at the Dark Web at the meager amount of 8 bitcoins (US$56,000). The price is extremely low considering the quality and a sheer number of data that has been leaked.
The incident is currently being investigated by the Shanghai Police department. The police released an official statement in this regard:
“Those who commit illegal acts including theft, trading, and exchange of residents’ personal data will be heavily punished. We are resolute in protecting people’s interest and ensuring information security.”
Huazhu group owns over 10 hotel brands in the country and is responsible for managing around 3,800 hotels across more than 380 Chinese cities. The data breach was reported by the Chinese hospitality industry giant after discovering a post on the Dark Web forum regarding the selling of personal data of its clients. The hacker openly mentioned that the data belonged to customers of the Huazhu Hotels Group. The for-sale data includes private information about Huazhu group’s guests too.
Reports suggest that around 240 million lines of data are being sold on the Dark Web. The hacked data contains ID card number, mobile phone number, bank accounts, login/password, check-in/departure time, hotel room number, room ID, card number, and email addresses. On the whole, the database contains website registration information, check-in registration information, and booking information. The database is roughly 141.5 GB in size and contains 240 million records of 130 million clients.
Initial investigations from a cybersecurity group Zibao revealed that the data might have been hacked in early August probably when the programmers at the hotel group uploaded information to GitHub. Beijing is also planning to intensify the efforts of taking down the illegal Dark Web forum in the country because it is causing too many data hacks. For instance, in April, an artist in China Deng Yufeng bought private information of nearly 346,000 residents in Wuhan from the Dark Web and exhibited them in an art gallery. However, the exhibition was called off by the authorities.
Huazhu has already acknowledged the data hack and announced that there has been substantial progress in the investigation. However, the company did not provide additional details. It is unfortunate that soon after the data hack was reported, the US-listed shares of the company fell by 4%, but there has been improvement lately.
Moral of the story: always keep your personal data hidden and secure as much as possible especially tax records, credit card information, Social Security number, and bank account information.