Huazhu Hotels customer PII found for sale on the Dark Web

Trend Micro researchers believe the data involved in the Huazhu Hotels Group breach has already appeared for sale on the Dark Web.

The stolen PII from the hotel customers was found when an advertisement on the Dark Web was seen that matched the data involved in the breach. The asking price for the information was 8 bitcoin, or about $58,000, Trend Micro said.

In addition, any potential criminal buyer would also receive customer information such as registered check-in time, customer name, ID number, home address, birthday, and internal ID number for the 130 million or so affected individuals.

Bitcoin is the primary currency used by cybercriminals.
The data was on sale for 8 bitcoin.

The amount of detail available drilled down to customer room numbers is quite detailed.

“The advertisements claimed that the stolen data included names, mobile phone numbers, email addresses, ID numbers, and residential addresses, among others, totaling up to 53GB (about 123 million records),” the research firm reported.

And there was more found.

A 1.4GB file included customer names, room numbers, card numbers, mobile numbers, email addresses, check-in and departure times, and hotel ID numbers, Trend Micro said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.