Feeds

Chinese hotel guests find data spaffed all over the internet

Probably better not register for Wi-Fi next time you're in the PRC

Website security in corporate America

Chinese hotel-goers beware – newspaper reports from the Middle Kingdom claim that the personal details of thousands of guests from major hotel chains have been leaked online.

The personal information appeared in a page on e-commerce platform Taobao, where a seller offer 8GB of data for 2,000 yuan (£203), and on a website called chakaifang.info – both have which have now been blocked, according to the South China Morning Post.

Before it was taken down, Cha Kai Fang apparently allowed visitors to search for guest bookings across the country by name, address, telephone number, ID number and other sensitive info.

It’s suspected that the data may have been pilfered from Zhejiang-based CNWisdom, a firm which provides Wi-Fi access to hotel chains in China. The firm was apparently fingered by vulnerability data site WooYun a fortnight ago for having been breached by hackers.

However, it is denying any involvement, claiming that the data it stores is different to that which has appeared online recently.

Nevertheless, the company services over 4,500 hotels across China and, back in 2011, processed over 450,000 hotel rooms, capturing name, address, workplace, ID number, birth date and phone number just to register for Wi-Fi, SCMP said.

If nothing else the breach scare illustrates once again why best practice advice is always for firms in such industries to collect and store as little customer information as possible, to reduce the risk of such data getting in the wrong hands.

In China, personal data theft is commonplace, often perpetrated by malicious insiders who sell that info on for profit.

However, the authorities have been trying to clamp down, with telecoms and internet service providers subject to new data protection rules as of 1 September this year.

In January, Beijing published guidelines similar to EU data protection rules promoting the idea of data minimisation and of gaining user consent before processing data.

However, according to law firm Pinsent Masons, laws in this area have been implemented in a confusing and inconsistent manner typical of China.

"It is to be welcomed that China is making strides to give Chinese citizens protection to their personal data, backed with the force of law," said Pinsent Mason’s Kening Li back in August.

"It is somewhat frustrating that these laws are being issued in a fragmentary fashion, although this is normal practice in the PRC. As always with China regulation, it remains to be seen how these laws will be enforced – such as which companies will face enforcement action and the alacrity with which regulators will act, and whether or not with meaningful penalties against transgressors." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.