Shanghai police are continuing their investigation of 130 million hotel guests’ personal information that has been exposed when accidentally released onto GitHub, a web-based code sharing and development platform.
Huazhu Hotels Group is one of China’s largest hotel chains, managing over 3,800 hotels across 382 cities in China. These personal details of 130 million hotel guest are being sold on the Chinese Dark Web for 8 Bitcoin ($56,000).
“Those who commit illegal acts including theft, trading and exchange of residents’ personal data will be heavily punished,” the Shanghai police say in a statement. “We are resolute in protecting people’s interest and ensuring information security.”
Chinese cybersecurity investigator Zibao announced that the data was most likely obtained when Huazhu programmers accidentally uploaded copies of their company’s databases in GitHub.
“Strangers would approach us for trading of personal data owned by our portfolio firms,” Yin said. “The potential risks are huge and such illegal behavior must be eradicated to pave the way for further development of digitalized businesses.”
These 130 million client records consist of phone numbers, home addresses, birthdates, email addresses, bank accounts, and hotel booking details (including payment information) — a total of 141.5 GB!
In further detail, the stolen information allegedly includes:
- User account data: 123 million records contain information customers used to register online with hotels, including ID card numbers, mobile phone numbers, email addresses and login passwords, totaling 53 GB of data.
- Check-in data: 130 million customers’ check-in registration information, including their identity card number, home address and birthday, totaling 22 GB of data.
- Hotel records: 240 million records pertaining to customers’ name, room number, mobile phone number, check-in and departure times and records of what they consumed, totaling 66 GB of data.
Like the rest of the world, China hasn’t been resistant to the increasing pace and severity of data breaches, as well as intensifying fears that the buying and selling of people’s personal information have been eroding their privacy.