Even as China has grown famous because of its Great Firewall that effectively blocks a majority of the Internet, it seems as though it still cannot patrol the alleys of the Dark Web. A hacker is selling the data and personal details of hotel guests on the Dark Web for 8 Bitcoin [BTC], as reported by Chinese media after they saw the forum post.
The data in question includes the personal details of over 130 million hotel guests from Huazhu Hotels Group. The data was around 141 GB in size, containing around 240 million discrete records.
It contained details such as the users’ mobile phone numbers, email addresses, login passwords, home addresses, names, card numbers and birthdays. It was sourced from hotels in the chain, namely Hanting Hotel, All Season, Starway, Ibis, Elan CitiGo, Orange, Grand Mercure and others.
A Chinese security firm known as Zibao reportedly said that they have verified the data and confirmed it to be real data and not a shuffling around of old data. After a more in-depth look, they also mentioned that the cause of the breach was that the members of the development team uploaded the database to a GitHub account.
The group released a statement that said [trans.]:
“There are a large number of users on the network [Dark Web] selling the property of Huazhu Hotels. This news has caused extremely bad public opinion. Our group attaches great importance to it and has carried out the verification internally to ensure the safety of guests’ information.”
They further went on to say:
“Our group has already reported it, public security organizations are conducting investigations. We have also hired professional technology companies to the relevant personal information that is peddled.”
They reminded the accused that selling or spreading personal information is in the violation of national laws, and will technically constitute a crime. Moreover, they stated that they reserve the right to pursue legal liability. A spokesperson from the Group stated that authorities have made progress but did not reveal any details as to the status of the investigation. Reportedly, the Shanghai police also stated:
“Those who commit illegal acts including theft, trading and exchange of residents’ personal data will be heavily punished.”
The seller of the data asking for Bitcoin as payment is no coincidence, as the Dark Web’s main form of transferring value is through cryptocurrencies. The choice of currency is puzzling, as Bitcoin’s blockchain is now under scrutiny by regulatory authorities, leading to a potential security compromise for the seller.