- Joined
- Sep 19, 2013
- Messages
- 411
- Points
- 0
Security loophole leaking details of hotel guests in China
Staff Reporter 2013-10-13 16:41
Two people carry their luggage into a Hanting Express hotel in Shanghai. (File photo/CFP)
Hackers have reportedly found a software loophole in the servers of major budget hotel chains in China, allowing them access to the personal information of hotel guests, according to the Chinese-language web portal Eastday.
Hotels using the Wi-Fi management and ID authentication system developed by CNWisdom, or Zhejiang Huida Yizhan Network Company, have leaked their customers' personal information, according to WooYun, an online platform reporting on internet security loopholes and affiliated with the China National Vulnerability Database and several state-own internet and computer supervisory bodies.
The leak was caused by a loophole in CNWisdom's management system, which saves customers' information such as names, ID numbers, check-in dates and room numbers on its servers when the hotels submitted customers' check-in information to their own websites, the report said.
Most of the information submitted by the hotels are encrypted but the customers details are not and can be easily found and searched on CNWisdom's servers. The hotels said to be involved are Home Inn, Hanting Express, China World Summit Wing's Xianyang branch in northeastern China's Shaanxi province, Grand Metro Park Hotel Hangzhou in eastern China's Zhejiang province, Eaka 365 Hotel and Mels Weldon Hotel in Humen in southern China's Guangdong province.
The majority of the budget hotels refused to comment on the matter, however Huazhu Hotels Group, which operates five hotel chains such as Hanting Express, said that such a leak is not possible as it uses its own Wi-Fi management system. The company added that its system is also secured by a third-party network service provider certified by the Ministry of Public Security.
The security loophole was found by WooYun in August and it has followed standard procedures to inform the companies involved, as well as experts, technicians and the public. It has also reported to the National Computer Network Emergency Response Technical Team, which will handle the matter.
