A news was reported by Bleeping computers that a hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin on a Chinese Dark Web forum.
This security breach was reported today by Chinese media after many cyber-security firms noticed the forum ad.
The price for this vast data is 8 Bitcoin (around $56,000) and it includes official website registration information (ID card number, mobile phone number, email address, login password); check-in registration information (customer name, ID card number, home address, birthday), and booking information (name, card number, mobile phone number, check-in time, departure time, hotel ID number, room number).
The hacker alleges to have obtained the data from Huazhu Hotels Group Ltd, one of biggest Chinese hotel chains that operate 13 hotel brands across 5,162 hotels in 1,119 Chinese cities.
The data were of the guests who stayed at any of Huazhu’s hotel brands (Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, Haiyou).
It was published in the ad that the stolen data is included in an archive of 141.5 GB that contains 240 million records, with information on roughly 130 million hotel guests that stayed at one of Huazhu hotels.
On August 28th, the China Lodging Group provided a statement on the Weibo platform announcing that they have initiated an internal investigation and the hotel chain also reported the incident to the authorities.
According to the Chinese cyber-security firm Zibao, data are authentic and the incident likely occurred early August. The experts believe that the data are related to a new data leak and are not collected from previous data breaches. It is believed to be the data which was accidentally leaked by a programmer who uploaded to GitHub 20 days ago using a database connection.