Darknet offer: Tens of thousands of ID scans stolen from Italian hotels
High-priced hotels in particular were the focus of the data theft. Germans whose ID cards, driving licenses or passports were copied are also affected.
(Image: Brian A Jackson / Shutterstock.com)
Criminals have stolen 160,000 photocopies of identity documents from several Italian hotels, which they had made when guests checked in. Over 20,000 data records were lost from several hotels, and over 30,000 from two of them. The copied identity documents appear to be authentic and are for sale on a darknet forum. Cost: around 50 cents per copy of ID.
The criminals have been breaking into hotel booking systems since June and stealing the stored copies of ID cards. In a Venetian hotel, they got their hands on 38,000 stored ID cards, the highest value on offer from the darknet fence "mydocs". The elegant hotel near St. Mark's Square only has 50 rooms, so the guest data must go back years.
Videos by heise
Data appears to be genuine - Germans also affected
In another hotel, the Hotel Continentale in Trieste, the criminals stole 17,000 identity documents, including those of German guests. As is usual with data traders, the thieves made some demo data records available in the sales advertisement – heise security was able to verify some of them. The data appears to be genuine, and we also spoke to one of the victims on the phone. The former hotel guest remembered the stay in Trieste well, as it was only two months ago. The hotel had not yet contacted him to confess the data breach, according to the Bavarian by choice.
A total of nine hotels in Italy and one on the Spanish vacation island of Mallorca had uninvited visitors. In addition to the affected guests, the relevant data protection authorities could also be interested in the leaks. Although guests in Italian hotels have to identify themselves to their host with an ID document, they are supposed to destroy the personal data immediately after it has been passed on to the responsible authority. At least that's according to a status report from the Bundestag in 2023.
The data records contain the front and back of ID cards and driving licenses, sometimes even passports. According to the criminals themselves, they have not stolen any other data. Their potential buyers could use the stolen ID photos to open accounts under false names or make fraudulent purchases. Those affected should therefore be vigilant.
Data leaks in hotels and on booking platforms are a common phenomenon. Less than two years ago, the hotel chain MotelOne was hit: the ransomware group AlphV gained access to its network and eventually published its loot. At Booking.com, on the other hand, there are always unexplained cases of phishing.
(cku)
