One of the largest data leaks in China’s history has potentially just occurred, with a hacker or group of hackers recently revealing that he/she/they had garnered sensitive data from over 130 million individuals.
As per a report from The Next Web’s Hard Fork column, the hacker recently made a move to sell the aforementioned data for 8 Bitcoin ($56,000) on a China-based dark web portal. According to a post made by the seller, the data was gathered from a security breach of the Huazhu Hotels Group, which is one of China’s most influential local hotel chains, with over 10 individual brands that span across 3,800 hotels in over 380 mainland cities.
Image Courtesy of BleepingComputer.com
Per a report from the Bleeping Computer, the data, which amasses to a reported 141.5 gigabytes in size, is believed to contain 240 million individual records from 130 million guests that have stayed at any number of Huazhu’s establishments in the past. The speculated details of the data leaked are as follows:
Official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number)
Zibao, a China-based cybersecurity group, speculated that the data was likely leaked when Huazhu programmers or developers uploaded some segments of their firm’s database to Github earlier this month. Since finding out about the hack, the hotel chain has acknowledged this unfortunate occurrence, revealing that some progress has been made in a company-run investigation, but did not give any specifics regarding the case.
Along with facilitating an internal investigation, Huazhu has also sought the help of the Shanghai police, who have come out in solidarity with the accommodation giant in an apparent show of force. A police release noted:
Those who commit illegal acts including theft, trading and exchange of residents’ personal data will be heavily punished. We are resolute in protecting people’s interest and ensuring information security.
While the data leaked may not hold too much value (Ex. lack of credit card info, passport information etc.), it is apparent that local authorities are doing their best to crack down on this illegal occurrence. Following the release of this announcement, the US-listed shares of Huazhu, dubbed China Lodging Group by some, fell by upwards of 4%, but have since recovered.
As China has been cracking down heavily on the crypto industry, the use of VPNs and similar privacy features may become the only way for users to transact, trade, and discuss crypto assets soon enough.
Photo by Markus Spiske on Unsplash