More stolen customer data from Chinese hotel chain Huazhu being sold on the dark web

• The data being sold was not only the personally identifiable information (PII) of Chinese customers but also those from Western and East Asian countries.
• A total of 53 GB of data, including names, mobile phone numbers, email addresses, ID numbers, and residential addresses is up for sale.

In late August, security researchers discovered that the Chinese hotel chain Huazhu was hit by hackers in a massive breach that saw over 130 million customers’ data compromised. This data was later sold on a Chinese dark web forum.

Now, researchers uncovered that the data on the dark web did not include the personally identifiable information (PII) of Chinese customers, but also that of customers from Western and East Asian countries as well.

Three sets of data

A total of 53 GB of data including names, mobile phone numbers, email addresses, ID numbers, and residential addresses were spotted for sale. Another set of data a little over 22 GB which included information such as registered check-in time, customer name, ID number, home address, birthday, and internal ID number.

Researchers also discovered a third set of data amounting to a little over 66GB that included included customer names, room numbers, card numbers, mobile numbers, email addresses, check-in and departure times, and hotel ID numbers.

“These stolen data sets were released on August 14, 2018. Sample data was also available, offered in a compressed 1.37MB file,” Trend Micro researchers, who discovered the data, wrote in a blog. “Given the seeming profitability of stolen data, this advertisement naturally drew the interest of potential buyers. There is one particular buyer interested in female-only data. Another threat actor is selling a vulnerability in a hotel management system.”

PII data a staple on dark web

The three sets of data on the dark web indicate that the cybercriminals behind the attack on the Chinese hotel chain may have gotten their hands on more data than previously thought. According to security experts, PII is a staple on dark web marketplaces and they make cybercriminals good profits. This breach is yet another reason for organizations to implement comprehensive security.