In 2015 a group calling themselves the Impact Team hacked the user information of Ashley Madison, the Canadian website that facilitates extra-marital affairs.
Million of account details were released to the public, leading to the break-up of marriages, people losing their jobs for having affairs and in at least one case, a suicide by a pastor who had used the site to cheat on his wife.
Last week a much bigger data breach occurred in China when the personal details of 150 million customers of hotels belonging to the Huazhu Group were offered for sale on the dark web.
Netizens were quick to spot the potential overlap in the two cases. Huazhu operates 18 hotel brands in China including that of French hotel group AccorHotel’s Mercure and Ibis hotels. Thirteen brands were affected in total, including the affordable Hanting chain which is found in most Chinese cities. One in 10 Chinese is said to have stayed at a Huazhu managed hotel (it operates 4,000 nationwide).
If the check-in data from Huazhu’s extensive network were to become public, some adulterous spouses might have some explaining to do.
“I wonder how many unfaithful men are feeling hot under the collar tonight,” mused one weibo user, after the news of the hack emerged on August 28. “The divorce courts will be busy if this data gets out,” predicted another (for more on divorces, see page 17).
Thus far only a small part of the stolen data has been made public – just enough for potential buyers and investigators to verify that it is probably real.
Originally the sellers, calling themselves Helen250, wanted eight Bitcoin (1 Bitcoin is currently worth $7,350) for the 141 gigabyte cache. But as news of the hack spread the price dropped to one Bitcoin, presumably in order to offload the stolen data as quickly as possible.
The respected IT website AI Caijing said the personal data hack was probably the largest China had seen in the last five years, while cyber-security firm Zibao – which verified the data – said the breach was made possible by a mistake on the part of the Huazhu’s development team, which seems to have uploaded key information to public coding platform Github.
Police in Shanghai, where Huazhu is based, confirmed they had launched an investigation into the breach, adding that “organisations in possession of citizens’ personal information should bear the primary responsibility [for safeguarding it] and should strengthen its security”.
In a statement also released on August 28 the company reminded the hackers they were trading in illegal information and told them to give themselves up.
Of course data breaches are nothing new in China. But as people live more of their lives online – shopping, booking medical appointments, paying their taxes – there is greater need for protection.
In April artist Da Yufeng illustrated just how easy it is to buy personal data in China by purchasing detailed information on 340,000 people and putting it on display in a Wuhan gallery (see WiC405).
© ChinTell Ltd. All rights reserved.
Sponsored by HSBC.
The Week in China website and the weekly magazine publications are owned and maintained by ChinTell Limited, Hong Kong. Neither HSBC nor any member of the HSBC group of companies ("HSBC") endorses the contents and/or is involved in selecting, creating or editing the contents of the Week in China website or the Week in China magazine. The views expressed in these publications are solely the views of ChinTell Limited and do not necessarily reflect the views or investment ideas of HSBC. No responsibility will therefore be assumed by HSBC for the contents of these publications or for the errors or omissions therein.