5.8M RedDoorz User Records Reportedly for Sale on Hacking Forum

Michal Christine Escobar
Senior Editor (Hotels)
Michal Christine  Escobar  profile picture

According to, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. RedDoorz is a Singapore-based hotel management & booking platform with more than 1,000 properties across Southeast Asia. It disclosed that it had suffered a data breach back in September. 

The bad actor showed what data was available for purchase by posting a small screengrab of a few hundred individual records. Included data was a RedDoorz member's email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation.

No financial information was exposed.

To learn more about this data breach, HT spoke with two cybersecurity experts: Paul Edon, senior director, technical services at Tripwire and Javvad Malik, security awareness advocate at KnowBe4.

HT: Why are ransomware attacks still happening?

Paul Edon: Ransomware attacks continue because they’re ultimately profitable for the attacker. It’s easy to admonish organizations for paying the ransom when you’re not the one faced with the business impact and the reputational damage. Criminals have also figured out that stealing the data before encrypting it gives them further leverage to incentivize victims to pay up.

Javvad Malik: Stealing data is big business for criminals and is often done in parallel with or independently of ransomware. Once data is stolen, be that financial, personal, or any other kind - there are many options available to criminals from extortion, blackmail, selling the data online, or merely as a means to soil the reputation of the victim organization.

HT: How can hospitality organizations prevent themselves from being "next"?

Paul Edon: At this point, every organization should have a game plan for a successful ransomware attack. Ransomware attacks are a risk of doing business online, and you can choose to accept or mitigate that risk. As with most cyberattacks, prevention is better than response. Ransomware doesn’t usually succeed because the attacker is highly skilled, but because the defenses aren’t in place. Take the time to review how hardened your systems are, how trained your staff is, and what your vulnerability profile looks like. If you can’t answer those questions, then build a plan that enables you to get answers.

Javvad Malik: Having robust threat detection and monitoring controls are essential so that organizations can quickly identify where a breach may have occurred and have in place the records to be able to validate what data, if any, was stolen. It's why it's important more than ever for organizations of all sizes and across all verticals to foster a culture of security so that all areas of the organization play their role in staying secure.