Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Chinese police arrest hacker who sold data of millions of hotel guests on the dark web

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Hacker was selling 141.5GB of data from Huazhu Hotels Group. He also attempted to blackmail the hotel chain to pay for its own data.

 

https://s7d5.turboimg.net/sp/8860ce39a8ccabf25a75cff1d0a0825b/istock-hotel-reception.jpg

 

Huazhu Hotels Group Ltd, a China-based hotel chain, announced this week that Shanghai police arrested the hacker who was selling data on millions of its customers online, on the dark web. The arrest was announced on Monday, September 17, by the hotel group in an investors message, and confirmed two days later by Shanghai police for Chinese media.

 

Police did not release the man's man, but according to local reports, the hacker is a 30-year-old man named Liu.

 

Investigators did not reveal any other details about the investigation, but according to previous reports, it appears that Liu may have gotten hold of the hotel chain's data when a developer accidentally uploaded part of its database on GitHub.

 

The hacker put the Huazhu data up for sale on a dark web hacking forum in mid-August, asking for 8 Bitcoin, which was worth around $56,000, at the time.

 

The data was sold in three file packages, for a total of 141.5GB. The data trove contained over 500 million records, comprising of 240 million pieces of content related to hotel stays such as name, credit card details, and mobile number; 123 million pieces of registration data recorded on the group's official website such as userID and login pin; and 130 million pieces of check-in data, including birthday and home address.

 

https://s7d4.turboimg.net/sp/155f2553177779708289e3a15716ffdc/china-hotel-leak.jpg

China hotel data sold on the dark web

 

 

The Huazhu Hotels Group is one of China's largest hotel chains, operating 5,162 hotels across 13 hotel brands across in 1,119 Chinese cities.

 

The data sold online was advertised to have originated from customers who stayed at Huazhu's hotel brands, such as Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, and Haiyou.

 

The hotel chain filed a police complaint on the same day news of the hack broke in Chinese media --August 28.

 

In its message to investors, the hotel chain said Liu was unsuccessful in selling the stolen data. They also said the hacker attempted to blackmail the hotel into paying for its own data by leveraging public pressure surrounding the public disclosure of the hack.

 

"To comply with laws and police protocols, the Company cannot disclose additional information on the case at this time," a Huazhu spokesperson said.

 

Source

Link to comment
Share on other sites
  • Views 613
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...