Data of Millions of Tourists and Guests Exposed After Hotel Chain Data Breach

Updated: 29 October 2021
Updated: 29 October 2021

Fact-checked by

The notorious hacker group Desorden announced today that they breached the popular luxury hotel chain ‘Centara’ servers.

The hacker group Desorden revealed today that they have hacked the international hotel chain ‘Centara Hotel Group’ and succeeded in stealing over 400 GB of confidential data.

Centara is owned by the holding company ‘Central Group’, which owns the restaurant group ‘Central Restaurants.’ They were also hit with a hack by Desorden earlier this month.


  • Hacker group Desorden claims to have hacked mega hotel chain Centara
  • Centara acknowledges the security breach but downplays the attack.
  • In response, hackers release data showing the personal details of
    millions of hotel guests.
  • Hackers declare a ransom deal of $900,000 was accepted initially but
    later rescinded by the hotel chain.
  • Exposed data shows the personal information of hotel guests,
    including the sum of money they have spent at the franchise.
  • The leaked data is primarily on Australian and New Zealand citizens,
    including government officials.

Hackers claim that data was released and published because the hotel chain refused to pay a previously accepted ransom payment of $900,000.

Desorden Thai Hotel Hack

Centara confirmed the data breach in a blog post today but downplayed the security and data breach severity.

This hack comes only one day after Desorden revealed it hacked Thailand’s Central Restaurants Group, also owned by the parent company Central Group.

Hackers Dispute Claims Made by Hotel Chain

In an email interview with Privacy Affairs, Desorden revealed that some of the claims made by the hotel group in their blog post are inaccurate.

In their blog post, Centara writes that they engaged a reputable cybersecurity consultant to conduct a thorough investigation immediately after finding out about the breach and that only “general personal data” was affected.

Desorden alleges that they notified Centara and pointed out that they still have full access to Centara data. They again hacked into the five affected servers.

Desorden comments that they started negotiations with Centara on 16 October regarding a possible ransom payment.

Desorden further disputes the claims that the breach impacted only a limited section of the Centara network.

The hackers allege that they have “basically brought down their entire backend,” which consists of 5 servers, and that over the course of 10 days, they managed to steal over 400 GB of very sensitive data.

Desorden Thai Hotel Breach

Desorden alleges that this data includes the personal information of several million hotel guests.

In an email to Privacy Affairs, Desorden commented that:

“Basically, anyone who has ever stayed at any of their 70 luxury hotels between 2003 to 2021 has been compromised and we mean luxury first-class hotel guests”

According to the hackers, the 400 GB of data also includes all financial data, corporate data, and employee data of the hotel chain.

Desorden alleges that they “wiped their network of 5 servers in the heist”.

In the email to Privacy Affairs, Desorden further disputes the Centara blog post’s use of the term “general personal data” when referring to the data that was stolen.

The hackers claim that, in actuality, the stolen data includes information such as names, passport numbers, id numbers, phone numbers, email addresses, and check-in/departure times.

Hackers Demand $900,000 Ransom Payment

Desorden alleges that on 26 October 2021, they reached an agreement with the hotel chain to receive a sum of $900,000 in order not to release the hijacked data. However, the hackers claim that in the end, this deal was rescinded by the victim, and as such, they will be releasing all the data.

The hacker group posted a sample of the stolen data, which was evaluated and authenticated by Privacy Affairs.

The leaked data includes details such as guests’ full names, emails, phone numbers, dates on which they stayed at various Centara-owned hotels, and the total amount of money they spent at the hotel.

This includes names and details of high-profile guests, many of which have spent over $100,000 at various Centara-owned hotels.

Personal details of various government officials – mainly from Australia and New Zealand – who at one point stayed at the hotel were also leaked.

We have reached out to Centara for comment regarding these allegations.

This new leak comes just one day after Desorden announced they managed to breach Central Restaurants Group in Thailand, affecting more than 2,000 restaurants and their clients’ private data.

Written by: Miklos Zoltan

Connect with the author:

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Leave a Reply

Your email address will not be published.