UPDATED 21:53 EST / AUGUST 29 2018

INFRA

130M customer records from Chinese hotel group found for sale on the darknet

Police in China are investigating the theft of data from a major hotel group after 130 million customer records were discovered for sale on the shady part of the web called the darknet.

The data pertains to the Chinese hotel group Huazhu Hotels Group Ltd., a Nasdaq-listed company with 3,903 hotels run under a range of its own brands as well as brands franchised from Accor S.A. They include Novotel, Ibis and Mercure, all popular with western visitors.

Discovered by a Chinese tech site and later reported by Bleeping Computer, the stolen data came in at 141.5 gigabytes. The 130 million records included customer names, mobile phone number, email address, ID number (including passport information), login account password, home address, birthdate, credit card number, check-in time, departure time, room number and spending amount.

The last check-in time in the file is Aug. 13, suggesting that the data breach was recent. The person selling the data, on an unnamed dark web site, is said to be demanding a payment of eight bitcoin for the data, equivalent to $56,244 as today’s exchange rate.

Whether the data was hacked, accidentally exposed or stolen by an insider isn’t yet clear. BJNews claimed the data dump came from a company programmer who initially uploaded the internal database to GitHub, but that doesn’t clarify if it was uploaded intentionally or, for that matter, how the data progressed from GitHub to the darknet.

Rod Soto, director of security research at JASK Inc., told SiliconANGLE that although the large number of data records is shocking, this infiltration doesn’t come as a huge surprise.

“The incident is similar in nature to large data leaks we’ve seen in the past where Amazon S3 buckets are left on the open internet without a password,” Soto said. That suggests the information may have been stolen from the GitHub upload, he said.

“Instances like this should hammer home the importance of taking proper security precautions when using any third-party cloud service because if they’re not configured properly, they can and will continue to lead to these types of massive breaches,” Soto added.

Photo: WhisperToMe/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU