HappyHotel, a Japanese search engine for finding and booking rooms in “love hotels,” disclosed a security breach at the end of last year.
Love hotels are hotels built and operated primarily for allowing guests privacy for sexual activities. Love hotels, also known as sex hotels, are used by both married couples and cheating spouses, alike, and are found all over the world, but they are particularly popular in East Asia, and especially Japan.
Data breach at HappyHotel.jp
HappyHotel.jp is a website that operates similarly to Booking.com, but lets registered users search and book rooms in love hotels across Japan.
In a message posted on its website, Almex, the company behind the service, said it detected unauthorized access to its servers on December 22, last year.
The security incident is as bad as it gets, and hackers appear to have gotten their hands on a wealth of sensitive user information.
According to Almex, the type of data that hackers might have accessed includes details such as real names, email addresses, login credentials (usernames and passwords), birth dates, gender information, phone numbers, home addresses, and payment card details.
Almex reacted to the breach by suspending its website, located at HappyHotel.jp, and posting a notice of the breach. The website has been down ever since Christmas.
“We sincerely apologize for the inconvenience and anxiety that may have caused our customers and other concerned parties,” Almex leadership said in a message posted on the website.
Loveinn Japan, a second love hotel search engine managed by Almex was also shut down, but the site did not feature a data breach notice, and it is unclear if hackers stole user data from this portal as well.
An Almex spokesperson did not respond to a request for comment.
Data not leaked online — yet
The website’s data doesn’t appear to have been leaked online, at the time of writing, according to a search ZDNet performed together with a Japanese security researcher and a threat intel company.
The website’s data is incredibly sensitive. The entire incident is reminiscent of the Ashley Madison hack of 2015 when a hacker stole and dumped online user data from AshleyMadison.com, a dating website marketing itself as a go-to place for having an affair.
The HappyHotel data will, without a doubt, contain information about individuals who booked rooms for extramarital sex and affairs.
If the site’s data leaks online, those individuals will face extortion attempts, similar to how Ashley Madison users faced blackmail attempts for years. These extortion attempts had a severe toll on some Ashley Madison users, with a few ending up taking their own lives.