Hackers in China have leaked a database of an estimated 20 million hotel reservations on multiple websites and even WeChat, the wildly popular messaging service, reflecting failed government efforts to prevent massive leaks of personal data.
Online security watchdog WooYun said in September that hackers had taken advantage of a security loophole at CNWisdom, a Zhejiang-based company that calls itself the country’s largest provider of wireless internet for hotels, to gain access to thousands of records of hotel bookings, including details such as phone numbers, e-mail addresses and residential addresses.
CNWisdom said at the time that the fact that hotels which were not among its clients had also been affected by the leak suggested another source for the leak. A website that sprung up offering the data was quickly shut down, but as of December, the data has spread.
Hackers, who identify themselves as “harbours of evil goods,” a wordplay from a saying originating from the annals of the Later Han dynasty, have even popped up on a WeChat account. Users can text an ID-card number and an automated service will trawl the data to reveal contact details and hotel booking information. The operators of the WeChat account did not reply to emailed requests for comment.
Websites with the leaked data, of which there are at least three, offer easier search functions and reveal detailed bookings including phone numbers and birthdates with name search functions. Peer-to-peer file-sharing sites are also offering the data.
Last week, the Yangcheng Evening News reported on the cancellation of a wedding in Shanghai after the prospective wife found her would-be husband’s extensive hotel bookings among the leaked data.
The newspaper argued that private information should be better safeguarded by law.