A Home Inn outlet in Tonghua, northeast China's Jilin province. Photo: Xinhua

Software loophole puts Chinese budget hotel guests' privacy at risk

Home Inn Hotels and the popular Hanting chain are reported to have used the faulty hotel management software

Published: 2:13pm, 11 Oct 2013

A security loophole in software used by some of China’s most popular budget hotel chains has put their customers’ privacy at risk, an independent internet security watchdog Wuyun.org revealed this week.

Home Inn Hotels, China's second-largest budget hotel chain and the popular Hanting chain, both Nasaq-listed, were among hotels to have used the faulty hotel management software, said Chinese media reports based on information released by Wuyun.org. Hanting has denied the accusation.

The hotel management software developed by Zhejiang-based CNWISDOM stored personal information belonging to their clients' customers on CNWISDOM servers, which were vulnerable to attack by hackers due to loopholes in CNWISDOM's encryption technology, said Wuyun.

Information obtained by a security watchdog. Photo: screenshot

Information engineers at Wuyun.org were able to obtain personal information of hotel guests by hacking into the faulty software. A sample document they posted online shows the names, ID numbers and check-in dates of customers.

Home Inn Hotels couldn’t be reached for comment on Friday. A spokesperson at Hanting told SCMP.com in a phone conversation that Hanting’s hotels never used the software in question. Hanting told Chinese media on Friday that despite being a business partner of CNWISDOM, it had only purchased hardware from the company.

CNWISDOM said in an online statement on Thursday that it had upgraded its software to fix the security issue.

Post