Feeds

Chinese hotel guests find data spaffed all over the internet

Probably better not register for Wi-Fi next time you're in the PRC

Seven Steps to Software Security

Chinese hotel-goers beware – newspaper reports from the Middle Kingdom claim that the personal details of thousands of guests from major hotel chains have been leaked online.

The personal information appeared in a page on e-commerce platform Taobao, where a seller offer 8GB of data for 2,000 yuan (£203), and on a website called chakaifang.info – both have which have now been blocked, according to the South China Morning Post.

Before it was taken down, Cha Kai Fang apparently allowed visitors to search for guest bookings across the country by name, address, telephone number, ID number and other sensitive info.

It’s suspected that the data may have been pilfered from Zhejiang-based CNWisdom, a firm which provides Wi-Fi access to hotel chains in China. The firm was apparently fingered by vulnerability data site WooYun a fortnight ago for having been breached by hackers.

However, it is denying any involvement, claiming that the data it stores is different to that which has appeared online recently.

Nevertheless, the company services over 4,500 hotels across China and, back in 2011, processed over 450,000 hotel rooms, capturing name, address, workplace, ID number, birth date and phone number just to register for Wi-Fi, SCMP said.

If nothing else the breach scare illustrates once again why best practice advice is always for firms in such industries to collect and store as little customer information as possible, to reduce the risk of such data getting in the wrong hands.

In China, personal data theft is commonplace, often perpetrated by malicious insiders who sell that info on for profit.

However, the authorities have been trying to clamp down, with telecoms and internet service providers subject to new data protection rules as of 1 September this year.

In January, Beijing published guidelines similar to EU data protection rules promoting the idea of data minimisation and of gaining user consent before processing data.

However, according to law firm Pinsent Masons, laws in this area have been implemented in a confusing and inconsistent manner typical of China.

"It is to be welcomed that China is making strides to give Chinese citizens protection to their personal data, backed with the force of law," said Pinsent Mason’s Kening Li back in August.

"It is somewhat frustrating that these laws are being issued in a fragmentary fashion, although this is normal practice in the PRC. As always with China regulation, it remains to be seen how these laws will be enforced – such as which companies will face enforcement action and the alacrity with which regulators will act, and whether or not with meaningful penalties against transgressors." ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.