
Huazhu Group customers’ data offered for sale on Dark Web for 8 bitcoin

It is going to happen, it was happening as this piece was being written, and it will continue to happen, as cyber bad guys always seem to be a step ahead of organizations’ cyber-security sentinels.
What is being referred to here is “hacking”: the breaching of organizations’ security protocols by cyber attackers who steal data, whether for sale, for political purposes, for blackmail, or for vengeance.
Or it could be just for the fun of it.
And this time it is the Huazhu Group, a China-based organization that operates more than 3,000 hotels in more than 100 cities across the world.
The brands it carries include Mercure and Ibis, Hanting and Crystal Orange.
So, what happened?
McGallen and Bolden quoted mainstream news reports that around “500 million pieces of information of the hotel group’s customers (personal data, booking records, financial information, etc.) may be breached, and data of 130 million guests’ information are found on the Dark Web available for 8 bitcoin (around US$56,000).”
For Tim Mackey, technical evangelist of Synopsys, what happened to the Chinese hotel group revolves around making money.
“This looks like an opportunistic ‘hack’ in a vein quite similar to that of the Uber ‘hack’ last fall. Development teams using public source code systems like GitHub and public continuous integration (CI) systems like Travis-CI need to recognize that any developer activity which causes a push to a public repository or a public branch can be viewed by others,” said Mackey.
The Synopsys executive suggested that in order to fight off the potential leaking out of credentials, configuration information and data, “these teams need to have strong policies surrounding how debugging of CI occurs, where forks of code by core developers are located, and the conditions under which a push to a public branch for CI occurs.”
As hosted development tools like GitHub, Jira and Travis-CI become increasingly popular, said Mackey, they also become ideal sources of information for malicious actors.

The Synopsys technical evangelist called on organizations to strengthen their security.

“Consumers of hosted tools should ensure the security requirements their organization places on code being developed can be met by these tools and that they’re correctly configured to meet those requirements. Put in another way, while it is possible to ‘outsource’ the management of developer tooling, it is very likely the default configuration is not appropriate to your requirements and you should invest in ensuring your security requirements are met,” he added. (EKU)

