Recently, private data of over 130 million Huanzhu Hotels clients surfaced on the dark web.
The personal information was on sale to anyone who could access the Chinese dark web portal, and it was going for just 8 Bitcoin (BTC), which translates to approximately $50,592 USD.
This is quite bizarre because it implies that a single individual’s private and sensitive information was going for around $0.00039.
If sensitive information falls into the wrong hands, it can spell catastrophe for the victims and other parties involved, which happens to be the hotel in this case.
Identity theft and fraud are real, thus is the need for tight cybersecurity.
Several security firms based in China received information which showed that Huanzhu Hotels’ sensitive information had leaked and was being sold on the dark web at a relatively low price.
The data was regarded as fairly credible because it contained private information which included:
- Check in registration details, such as name, ID number, birthday, address and internal ID number; this made up about 130 million records which took up about 53 Gigabytes.
- Hotel opening details, including hotel ID number, room number, card number, consumption amount, mailbox and check-in time. All this totaled 240 million records, which is about 66.2 Gigabytes.
- Webpage registration details. This included the information the hotel collected once a prospective client visited their website. They include a phone number, ID number, login password and email address. This totaled to 123 million records, which is about 53 Gigabytes.
Local reports suggest that the data leak may have occurred earlier in August when software engineers of the hotel conducted one of their operations which involved them handling the hotel’s data, which created an opportunity for the hack.
Huanzhu Hotels Group
Huanzhu Hotels Group is among the world’s largest hotel chains.
It boasts of thousands of hotels dispersed across 382 cities in China.
Founded in 2005, it has grown to become among the top 12 largest hotel groups in the world.
They are an upscale economy hotel chain and provide their clients with high-quality services to suit their needs, be it business or pleasure.
Every business relies on its goodwill to compete, grow and develop.
When a large business entity such as Huanzhu shows that it cannot secure the privacy of its clients, the value of its goodwill diminishes and limits its operation.
The hotel is expected to take a financial hit due to the severity of the hack.
This is standard in such situations—lawsuits and a decline in clients is expected, and this is why the hotel has invested in an independent cybersecurity firm to help them bring the criminals to justice.
Huanzhu brought in Zibao, a Chinese cybersecurity firm, to help aid in the investigation.
Zibao disclosed that they believe the hack took place when the hotel’s software experts were uploading some parts of the database to GitHub.
They also noted the hotels under Huanzhu that had been affected are Yi, Mercure, CitiGo, Haiyo, Elan, Ibis, Styles, Hanting, Novotel, Orange, Stairway and Grand Mercure.
Shanghai’s police force has also been involved in the case, and they have issued a stern warning to those involved in the hack.
Much cannot be disclosed at this point because it’s an ongoing investigation.
In recent months, China has tried to limit the use of Bitcoin and other cryptocurrencies within its borders because they believe it leads to serious cybercrime incidents like this one.
However, with the high level of creativity and ingenuity of cybercriminals, this has proved to be a difficult task for the Chinese government.
In a recent statement, the hotel said that the media coverage through this difficult time for them was hurting their business and that they had hired additional help to aid them in their pursuit of justice.
Furthermore, they added that selling stolen personal information regardless of its source is wrong and criminals practicing this activity should stop immediately.
Lastly, they added that they reserve the right to press charges against anyone who infringes their rights or the rights of their clients.
Though Chinese authorities have not had that much success in dealing with this kind of cybercrime operation, they have extra help from professionals and the investigation is still underway.