The privacy of millions of Chinese hotel guests is at risk after hackers leaked their personal data online.

Calling themselves the “harbours of evil goods” – a reference to the Later Han dynasty – the miscreants gained access to the data after taking advantage of a security loophole in the software used by some of the most popular hotel chains in the country.

According to a report by the South China Morning Post, personal information – including booking details, names, phone numbers, email addresses and residential addresses – of an estimated 20 million individuals was compromised in the hack.

The hackers leveraged a flaw in the encryption technology found on the software created by CNWisdom, a Zheijian-based provider of wireless internet for hotels.

The leaked data can be found on at least three websites, as well as WeChat, a popular messaging service where the hackers have opened an account.