A large cache of customer data from China’s Huazhu Hotels is reportedly being sold on the dark web. The 140 gigabytes of data includes the confidential information of an estimated 130 million Chinese customers, although this figure may be much higher. The asking price for the data has varied by news source, but the original asking price was eight bitcoins ($55,841.04). However, the seller reportedly lowered the price after the news broke to 1 bitcoin. The trove includes the email addresses, phone numbers, bank account information, home addresses, birth dates, guests’ arrival and departure times, and amounts paid.
The Huazhu Hotels data leak has put the confidential information of 130 million hotel guests at risk
Huazhu Hotels operates approximately 3,000 hotels in China under a variety of brands, including Ji Hotels, Joya Hotels, and Hanting Hotels, and ranks as the 12th largest hotel group in the world. The company also, through a partnership with AccorHotels, manages bookings and rewards for hotel brands like Ibis, Mercure, and Novotel in China.
The group recently acquired an additional 71.2 percent share of Blossom Hill Hotel Investment Management, raising its total stake in the company to 82.5 percent of shares. The Blossom Hill brand has its roots in Lijiang, Yunnan Province, and caters to high-end travelers with its boutique and luxury accommodation offerings.
The leak of the data from Huazhu was likely not the result of a hack or a direct breach of Huazhu’s network. Rather, it seems software developers worker for the hotel group uploaded the data to Github, a platform used to share data between collaborators, and then was somehow leaked to a third party.
Huazhu isn’t alone among major Chinese companies that have experienced major data leaks of user information in recent years
Leaked personal data by Chinese companies has been a recurring issue for years and has become increasingly prominent as China’s economy and its companies adopt digital technologies. Some of China’s biggest digital technology companies have been caught up in major leaks, including Baidu, Ele.me, and even Tencent-backed Meituan-Dianping.