What are the implications of the suspected leak of 500 million yuan of information on Huazhu’s hotels?

Room booking records of Huazhu Group’s hotels are suspected to have been leaked, involving a total of about 500 million pieces of citizens’ personal information. Once the matter was disclosed, it immediately aroused public concern.

This information leakage was first discovered by the "Network Knife" team of the private non-enterprise-run Internet security organization and the Internet security manufacturer Zibao Technology, and analyzed that the programmer with the Github ID DENGXIANGLONG001 (suspected to be Huazhu programmer), once uploaded a CMS project on GitHub (a hosting platform for open source and private software projects). The project's configuration file code contained Huazhu's sensitive server and database information, which was exploited by hackers and leaked. .

On the evening of August 28, Qu Long, founder of the "Network Sharp Knife" team, said that the reason for the above leakage was inferred based on the upload time and content of the information, but Huazhu Group still needs to conduct self-examination.

Many network security professionals told The Paper that such problems are mostly due to the company’s internal security management and employees’ overall lack of security awareness. This type of information leakage is likely to have entered the network black industry chain. The impact may be difficult to remedy.

Qu Long said that the top priority is to minimize the impact as much as possible. It is recommended that Huazhu Group first conduct an internal investigation and verify whether there is a leak, and at the same time activate a safety emergency response plan.

In response to this, the customer service staff of Huazhu Group responded to The Paper on the evening of August 28, saying that Huazhu Group attaches great importance to this situation. First, it has started internal verification. Secondly, the company immediately called the police. The authorities have already intervened. Third, Huazhu hired an online technology company to verify and investigate whether the information leakage originated from Huazhu.

In addition, the official Weibo of Shanghai Changning Public Security Bureau also released news on the evening of August 28, saying that the police had intervened in the investigation.

According to the information disclosed by Zibao Technology and "Network Sharp Knife", the scope of the leaked data includes three aspects: Huazhu official website registration information, check-in identity information and hotel booking records. The scope of the hotel involved is Huazhu. There are many hotel brands under the Group such as Hanting, Grand Mercure, Xiyue, Novotel, Mercure, CitiGO, Orange, All Seasons, Starway, Ibis Styles, Ibis, Elan, and Hi Inn.

According to the above disclosed information, the total number of data leaked this time reached 500 million, of which Huazhu official website registration information includes ID card, mobile phone number, email address, ID number, login password, etc.* **53G, about 123 million records; check-in identity information includes name, ID number, home address, birthday, internal ID number, ***22.3G, about 130 million records; hotel booking records include internal ID number, same ID number, etc. Room related number, name, card number, mobile phone number, email, check-in time, departure time, hotel ID number, room number, consumption amount, etc., ***66.2G, about 240 million items.