Extremely private details leaked by Japanese ‘love hotel’ search engine breach

6 Jan 20201.13k Views

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Image: © prasongtakham/Stock.adobe.com

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A search engine designed to help users find a ‘love hotel’ has disclosed it suffered a data breach last year.

The Japanese company behind the search engine HappyHotel revealed it suffered a data breach on 22 December, with a significant amount of sensitive information potentially accessed by the perpetrators.

According to ZDNet, the search engine’s parent company, Almex, made a statement announcing the breach, saying that threat actors may have accessed users’ names, email addresses and credit card details.

Other vulnerable details included usernames, passwords, date of birth, phone numbers and home addresses. Since the announcement, Happyhotel.jp has been taken offline and replaced with a statement regarding the breach and an apology to its users.

“We sincerely apologise for the inconvenience and anxiety that may have caused our customers and other concerned parties,” it said.

Love hotels – otherwise referred to as sex hotels – are places that provide guests with short-term stays for romantic or sexual encounters. While increasing in popularity across the world, Japan has some of the highest number of love hotels, numbering more than 37,000.

A second love hotel search engine operated by Almex, called Loveinn Japan, was also shut down following the breach but it remains unknown whether user data on that site was also breached. So far, no signs of the data has appeared online following searches by ZDNet, a Japanese security researcher and a threat intelligence company.

The incident is drawing comparisons with Ashley Madison, a site that offered users the chance to arrange extramarital affairs, which suffered a major breach in 2015. Details from as many as 37m users of the site were accessed, including 115,000 Irish users.

Not long after, those affected by the breach reported that they were targets of attempted extortion from people online. Demands included paying $2,500 in bitcoin or having details of their activities exposed to their loved ones.

Colm Gorey is a senior journalist with Siliconrepublic.com

editorial@siliconrepublic.com