Security experts have discovered a cybercriminal selling data of 130 million hotel guests on a Chinese dark web forum. The stolen data is reportedly over 140 GB in size and is being sold for 8 bitcoins ($56,000).
The cybercriminal claims to have obtained the data from the Huazhu Hotels Group Ltd. - one of China’s largest hotel chains. The hotel chain reportedly manages over 3,800 hotels across 382 cities.
The data being sold on the dark web reportedly contains 240 million records that contains information on around 130 million guests that stayed in one of the many Huazhu hotels.
The data on sale includes information such as registration details, phone numbers, email addresses, home addresses, date of birth, payment card numbers, names, and booking information, Bleeping Computer reported.
Chinese security firm Ziabo has reportedly verified that the data up for sale on the dark web is authentic. Security experts at the firm believe that Huazhu may likely have suffered a breach earlier this month.
Huazhu said in a statement that it is investigating the matter. However, it is still unclear as to how the cybercriminal selling the stolen data managed to obtain the information. It is also unclear whether the hotel chain suffered a breach due to internal mismanagement.
“Those who commit illegal acts including theft, trading and exchange of residents’ personal data will be heavily punished,” the Shanghai police said, South China Morning Post reported. “We are resolute in protecting people’s interest and ensuring information security.”