On August 28, the Internet broke the news that user data of Huazhou Group's hotel chain was suspected to have been leaked. From the content released by the seller, the data contained information on the residents of more than 10 brands of hotels under Huazhu's Hanting, Xi Yue, Orange, Ibis, and so on. The leaked information includes registration data on Huazhu's official website, identity information registered for hotel check-in and hotel room opening records, residents' names, cell phone numbers, email addresses, ID numbers, login account passwords, and so on. The seller packaged about 500 million pieces of data for sale. That afternoon, Huazhou Group issued a statement saying that it has quickly carried out internal verification, and the first time the police.

140G about 500 million pieces of data information, involving more than 10 brands such as Huazhu's hotel users 130 million people, the scale, scope and impact of the shocking. Although Huazhu did not finally respond to whether the leaked information belonged to the group, but from the third-party security agencies as well as media testing, "the data authenticity is very high."

The leakage of hotel users' information is nothing new, and while it may not be as large as this one, there have been a number of leaks of a certain scale in recent years, including one in October 2013, when domestic security vulnerability-monitoring platform Uyun disclosed that Zhejiang Huida Yiyizou Co, a company that claims to be the largest provider of digital guest rooms in China, had suffered a major breach of its security system. In October 2013, the domestic security vulnerability monitoring platform "Wu Yun Network" disclosed that Zhejiang Huida Station, which claims to be the largest hotel digital room service provider in China, leaked the room records of a large number of hotels with which it has a cooperative relationship because of security vulnerabilities, involving 220,000 pieces of personal information from 4,500 hotels.In February 2015, Starwood and other seven well-known hotels were exposed to the leakage of their room records, and the amount of data leaked from each of them amounted to more than ten million pieces of data. Other forests of small-scale hotel user information leaks have also been exposed by the media from time to time.

In the Internet era, in order to make it easier and faster to stay in a hotel, users have to give up some of their personal information and privacy, which is required by the real-name system of the management, but there are also some hotels that excessively demand customer information for their own self-interest. The more comprehensive the user information, the more accurate marketing, in the era of big data, accurate user information can be called a gold mine.

But we can't just collect user information without protecting it, and we can't just utilize it without regard for its security. The cost of requesting user information is low, but to do a good job of securing large amounts of information requires high costs, which is why hotels are reluctant to invest too much in securing user information. The lack of investment has led to frequent information leakage incidents.

In the case of the suspected leakage of user information from the Huazhou Group's hotel chain, it's not clear whether the leakage originated from an internal source or a hacking attack, but it's clear that there are loopholes in the security protection of user information. The leakage of such a large amount of information is not only a great depletion of the group's credibility, but also may lead to more secondary disasters, such as the loss of users' personal and property safety, and the invasion of users' privacy. Therefore, Huazhu Group must attach great importance to this crisis, to be thoroughly investigated, no matter which part of the problem, can not avoid their own responsibility, but should take the initiative to rectify, and introduced a detailed and targeted aftermath measures.

This kind of rectification must be a real reform, not a superficial article to cope with public opinion, with the so-called public relations skills to alleviate public opinion. In this regard, DDT has learned a profound lesson, as it failed to implement the corrective measures, leading to the recurrence of the passenger murder incident, and the consequence is that DDT's ride is offline indefinitely. Hopefully, Huazhou Group will learn from this and not repeat the same mistake.

To ensure the safety of hotel user information, in addition to the enterprise to fulfill their own responsibilities, the management should also put more effort. On the one hand, by strengthening the management beforehand, during the inspection, after the punishment and other measures to help the hotel side of the main responsibility; on the other hand, to clarify the boundaries of the hotel to ask for user information, to prevent excessive request for user information to become the prevailing unspoken rules.

The majority of hotel users, as victims of information leakage, must also raise awareness of self-protection of information. When signing up for membership and checking in, be sure to check the relevant terms and conditions carefully to avoid excessive demands for personal information from the hotel. In the event of an information leak, you should be bold enough to defend your rights. If every time a user information leakage incident occurs, the hotel only in a short period of time to withstand the public opinion of the question, but will not face a large-scale user claims and vote with their feet, they are bound to lack to improve the security of personal information protection of the user's pressure and motivation. In this way, the information leakage incident is bound to happen again.

Source: China Youth Daily