Hotel customer info vulnerability “threatens family harmony”

by Eric Mu on October 16, 2013

WooYun.org, a Chinese Internet security forum that publishes information about security loopholes, recently issued a warning about the data security of hotel records. Such information — including customers’ IDs, room numbers, and check-in and check-out times — is stored on the severs of hotel management software providers and can be obtained relatively easily and used for purposes that some worry that can “undermine the harmony of families,” in other words used for blackmail or to reveal infidelities.

Separately, the Qingdao Evening News reports that some such information is currently on sale on the online marketplace Taobao. A journalist contacted one vendor who offered to provide all hotel records associated with one ID number for 1,500 yuan per person. The article also says such companies can delete hotel records for a fee.

The article mentions two hotel brands that have been affected: Home Inn, and Hanting, (China Lodging Group).

Companies affected
Home Inn (Nasdaq:HMIN)
China Lodging Group (Nasdaq:HTHT)