A number of hotel information leaked large data times personal information security alarm

Source: Internet
Author: User
Keywords Hotels information leaks personal information post
This year's "Prism Gate" incident in the United States has caused global thinking about personal information security. Indeed, in the age of large data, any small action can be the source of information leaks. Recently, the domestic security leak monitoring platform cloud issued a report said, Zhejiang Hui Tatsu Network Co., Ltd. (hereinafter referred to as "Hui-da Station") for a large number of hotels in China to provide wireless portal authentication system Information leakage of security risks.


Hotel Wi-Fi


suspected of leaking source


Cloud NET on October 5 revealed that the public report, such as home, Han Court, 7 days, Greentree Inn and many other well-known economic chain hotels all or part of the use of the Hui Tatsu hotel Wi-Fi management, certification management system. Hui Tatsu Station on the server real-time storage of these hotel customer records, including customer name, ID number, open room date, room number, such as sensitive, privacy information.


vulnerability found that guests staying at these hotels connect to the hotel's open Wi-Fi internet access, will be required to authenticate through the Web page. It is worth noting that this certification is not through the hotel's server, but at the Hui da Station server completed, while the server also saved a hotel guest information. Because the system design flaw, the customer entered the name, room number, ID card number and other information, in the process of uploading to the server may be stolen.


on this, Hui-da Inn on October 10 on the company's website issued a statement, acknowledging the existence of wireless portal system Information security encryption level is low, there is information leakage of security risks, technical team has been to the existing portal wireless certification complete upgrade. At the same time, Hui-da station also stressed that the security of the wireless portal system is the company's responsibility, and any hotel customers have nothing to do, and clarify the company with the Hanting Hotel (Wah Group), Hangzhou Grand Metropark Hotel and other hotel customers do not have cooperative relations.


Open Room information was leaked


was able to inquire online


for customer information has been leaked, Hui Tatsu post in the notice to be denied. Hanbing, the company's marketing director, said that "the screenshot provided by the current Third-party vulnerability monitoring platform is, to some extent, only a demonstration of the Agency as a technical verification vulnerability and does not indicate that information disclosure already exists." ”


However, as the Hui da Station October 12 released a loophole has been repaired, the hidden danger has been lifted after the confirmation notice, 15th early morning a searchable hotel guest information of the appearance of the site, so that information disclosure events to further upgrade.


It is understood that the homepage of the website has only the topmost "query" word, as well as a "name or id" input box and a "Query" button. After entering the name, you can get the personal data of all the persons with the same name in the database, including the ID number, e-mail, mobile phone number and (lodging) Registration date. If the ID number is entered, it can be directed to the person's room information at the hotel. A number of users through the inquiry of their own and friends to open room information, all indicate that ID card and mobile phone number on the. Although the site has not been accessible, but the disclosure of guest room information is an indisputable fact.


Information Leakage Loss


there is no standard


in fact, as early as June this year, there are netizens, Jinjiang Inn hotel will be at least 50,000 accurate customer information to a travel site, including name, ID number, mailbox and mobile phone and other privacy information. Then the Jinjiang star issued a statement on the matter to deny it. According to the reporter understand, the current online also circulated this one "a hotel 2000W data" Compressed files for Internet users to download.


personal information leaked behind, in fact, also hides a personal information reselling the gray industry chain. Many lawless elements gain benefits by selling other people's information, and buyers use information to advertise or make phone fraud. In this respect, Weinuomingda law firm director Yang Chaoquan in the securities daily, said in an interview, the current China has not promulgated personal information protection related laws and regulations, the need to strengthen the disclosure of civil compensation system for civil information to establish and implement. He told reporters that the current personal information leakage victims to seek compensation still have difficulties, on the one hand, the amount of personal loss is small, if the lawsuit, litigation costs relatively high. At present, there is no system of class action in our country, nor can the victims be sued by the group; On the other hand, the loss of citizen information is not clearly defined and measured, which is a major difficulty and obstacle in the lawsuit.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.