Shares in Chinese online travel agent Ctrip plunge after hack attack stops service

PUBLISHED : Thursday, 28 May, 2015, 3:28pm
UPDATED : Thursday, 28 May, 2015, 7:33pm

The website of Ctrip, China's biggest online travel agent, was unresponsive for several hours today after it was hacked by unknown individuals.

The company's website and app were taken offline by an attack which began around 11am on Thursday, Ctrip spokesman Shi Kaifeng told the South China Morning Post.

But all data, including customer personal information and credit card information, was safe, he said.

Shi said the servers are still undergoing repair, and would not comment on when the company thought they would be back online.

A message on Ctrip's website directed users to eLong, another leading Chinese online travel agent.

Ctrip shares fell by almost 20 per cent in pre-opening trading on the US-based Nasdaq exchange, according to Wang Chao, a Hong Kong based analyst for Nomura.

"We can already see a very negative response from the market to the incident," he said, adding that it was too early to estimate just how much money the hack may have cost Ctrip.

"It depends on how long it takes them to repair the problem and how the mainland customers react to the incident," Wang said.

"If customers lose confidence in Crip, there are quite a few competitors in the market, like eLong and Qunar."

Last week, Ctrip bought a 37.6 per cent stake in eLong from US travel giant Expedia for around US$400 million.

Online, commenters complained that Ctrip had not apologised to its users for the break in service.

"It should at least say something on its WeChat or Weibo or let us know if our booking will work or not," said Eva Liu, a Shenzhen-based operations manager.

This isn't the first issue Ctrip has had with online security. In 2014, the company wrote to 93 customers warning them to cancel their credit cards after researchers discovered a loophole which made user information vulnerable to hacking.

Despite a statement from Ctrip that the loophole was closed in two hours, there was great public concern over the report which claimed that personal information including users' names, identification card number, credit card numbers, and three-digit card verification codes could be obtained by hackers, putting users at risk of fraud.

On Wednesday afternoon, Alipay, mainland China's biggest online payment service, stopped working for more than two hours. In a statement, the company blamed the incident on construction workers cutting underground telecom cables.

The service stopped working for online shoppers around 5pm. Many commented online that phone calls to Alipay's service centre went unanswered.

The company is owned by Alibaba-subsidiary Ant Financial Service Group. It controls more than 70 per cent of China's third-party payment market, handling around 10 billion yuan worth of transactions every day in 2014.