back to article Chinese hotel chain warns of massive customer data theft

China’s largest hotel chain is investigating an apparent data theft that is said to involve as many as half a billion pieces of information. The Xinhua state news agency says Shanghai Police are investigating what looks to be a credible post on a darknet site advertising the sale of nearly 500 million pieces of data reportedly …

  1. eldakka Silver badge
    Coat

    I guess this means that a Chinese government system was hacked?

    1. AndyS

      Why do you guess that? Not only does the article fail to mention the Chinese government, it actually explains how the data theft happened.

      Did the Talk Talk data leak implicate the UK government?

      1. eldakka Silver badge

        You ever hear of this thing called 'a joke', the sort of thing implied by the hat-and-coat icon?

        Many people imply, if not outright accuse, so many Chinese companies of being an extension of the Chinese government - Huawei, ZTE, etc. that I was tongue in cheek playing on that concept.

  2. Anonymous Coward
    Anonymous Coward

    GDPR

    Has to be some European Travelers in that 150m guest list. I might be one... The Chinese won't like being told to pay up either. It raises the larger question though, of when will firms stop hoarding data that they don't really need but think might be useful to monetize someday.

    A CloudFog warning is needed here too. Juicy data needs tighter controls. If its sitting in a data locker next to some other data its just far too easy for someone to upload it all to the Cloud. You could fly Air-Canada and stay in a Huazhu hotel this week and be really screwed over!

    1. Anonymous Coward
      Anonymous Coward

      'will firms stop hoarding data they don't need'

      Its at the point now, that Firms just can't be trusted to KEEP any user data anymore, because they simply can't!!! There's no magic seal. Everything can be exposed / leaked / breached / hacked given enough time and resources by adversaries, or greed, cost cutting and stupidity by internal or outsourced staff.

      Cloud migration is a bad joke and total LIE regarding data protection. Cloud bonuses all round today. But the sad reality is, future staff must deal with the fallout of protecting user data. Which will be protected to the highest standards of the-only-real-thing protecting anyone's data: Layers of PR BULLSHIT...

  3. Mark 85 Silver badge

    Turn about then?

    If turn about is fair play then it's about time that Chiinese companies started getting hacked. I'm waiting to hear about one of their manufacturing corporations having proprietary data taken by hackers.

    1. Tigra 07 Silver badge
      Pirate

      Re: Turn about then?

      There wouldn't be much point. If Ford hack their companies and steal they'll either get their own proprietary data back for zero gain - or worse, find out the Chinese car manufacturers are decades behind and have nothing of use to Ford.

  4. Phil Kingston Silver badge

    Real culprit here is the hotel group for holding onto data long after it was needed.

    1. StuntMisanthrope Bronze badge

      Good point.

      I couldn't recommend the anonymisation of all financial data more verified by checksum. Stops the old expenses compilation. #itsalevelplayingfieldafterall

    2. agurney

      "Real culprit here is the hotel group for holding onto data long after it was needed."

      Nope. Under China's cybersecurity laws, hotels are obliged to keep information about guests.

      1. Phil Kingston Silver badge

        That explains it. But that's a poor law if it means they have to save years old credit card information.

      2. Anonymous Coward
        Anonymous Coward

        "Real culprit here is the hotel group for holding onto data long after it was needed."

        Nope. Under China's cybersecurity laws, hotels are obliged to keep information about guests.

        In another word, Real culprit is China, for wanting control over personal information and removing encryption.

  5. Anonymous Coward
    Anonymous Coward

    For those interested : Huazhu operates Joya Hotel, Manxin Hotels & Resorts, Ji Hotel, Starway Hotel, HanTing Hotel, Elan Hotel, and Hi Inn. I wanted to check since I visit China from time to time.

  6. Pascal Monett Silver badge

    Inside job / 8 bitcoin per record

    I smell a guy who had the data and got the bright idea to add another line to his revenue stream.

    Anybody else think that 8 bitcoin is a tad expensive for info on one ID ?

    1. Cuddles Silver badge

      Re: Inside job / 8 bitcoin per record

      "Anybody else think that 8 bitcoin is a tad expensive for info on one ID ?"

      The article doesn't say that's the price for one ID.

  7. Anonymous Coward
    Anonymous Coward

    Inside job / 8 bitcoin per record

    Alternatively the data - or rather the *bulk* data doesn't exist, and someone is chancing that companies will pay up "just to be sure" ?

    During the IRAs mainland campaign, more than one smartarse had the idea of pretending they'd planted a bomb, and demanding a few quid from the targeted store not to trigger a (very costly) evacuation. Bearing in mind any losses due to having to shut on a busy Saturday aren't recoverable from insurance, £1,000 or so may seem a reasonable fee.

  8. StuntMisanthrope Bronze badge

    Data and Payment Protection Laws of the World.

    You'll need a ream of paper and there is a big space in one area. Also, it's not impossible but an infrastructure cloud has bigger guns, big pockets and bucks to catch. Even important people have to travel. #dontknowwhatyoureonabout

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019