Chinese police arrest hacker who sold data of millions of hotel guests on the dark web

Huazhu Hotels Group Ltd, a China-based hotel chain, announced this week that Shanghai police arrested the hacker who was selling data on millions of its customers online, on the dark web. The arrest was announced on Monday, September 17, by the hotel group in an investors message, and confirmed two days later by Shanghai police for Chinese media. Police did not release the man’s man, but according to local reports, the hacker is a 30-year-old man named Liu.

TechRepublic: Jackpotting cyberattack hits US, forces ATMs to spit out money for hackers Investigators did not reveal any other details about the investigation, but according to previous reports, it appears that Liu may have gotten hold of the hotel chain’s data when a developer accidentally uploaded part of its database on GitHub. The hacker put the Huazhu data up for sale on a dark web hacking forum in mid-August, asking for 8 Bitcoin, which was worth around £56,000, at the time.

The data was sold in three file packages, for a total of 141.5GB. The data trove contained over 500 million records, comprising of 240 million pieces of content related to hotel stays such as name, credit card details, and mobile number; 123 million pieces of registration data recorded on the group’s official website such as userID and login pin; and 130 million pieces of check-in data, including birthday and home address.

China hotel data sold on the dark web

Image: Weibo

CNET: Forget debit cards. This is how you’ll use your phone at the ATM

The Huazhu Hotels Group is one of China’s largest hotel chains, operating 5,162 hotels across 13 hotel brands across in 1,119 Chinese cities.

The data sold online was advertised to have originated from customers who stayed at Huazhu’s hotel brands, such as Hanting Hotel, Grand Mercure, Joye, Manxin, Novotel, Mercure, CitiGo, Orange, All Season, Starway, Ibis, Elan, and Haiyou. The hotel chain filed a police complaint on the same day news of the hack broke in Chinese media –August 28. Also: Hackers swipe card numbers from local government payment portals

In its message to investors, the hotel chain said Liu was unsuccessful in selling the stolen data.

They also said the hacker attempted to blackmail the hotel into paying for its own data by leveraging public pressure surrounding the public disclosure of the hack.

“To comply with laws and police protocols, the Company cannot disclose additional information on the case at this time,” a Huazhu spokesperson said.

Related coverage:

You may also like...

Leave a Reply

Your e-mail address will not be published. Required fields are marked *

Apps & Games Clothing Electronics & Photo Large Appliances
Baby Womens Apparel Garden Lighting
Beauty Mens Apparel Outdoors Luggage
Books Girls Apparel Health & Personal Care Pet Supplies
Car Boys Apparel Home Shoes & Bags
Motorbike Computers & Accessories Kitchen Equipment Sports & Outdoors
Fashion DIY & Tools Jewellery Toys & Games