The threat actor Stormous has claimed to have compromised the reservation database of www.jparkislandresort.com in the Philippines, exposing full booking records, payment data—including credit card information and scans of physical cards—ID documents, internal communications, and transaction histories, all unencrypted and accessible through the booking platform HeyTripGo. This leak highlights critical security lapses, notably the lack of encryption on customer booking details, which directly jeopardizes customer privacy and financial security.
Incident Details
- Victim: www.jparkislandresort.com
- Country: PH
- Actor: stormous
- Source: http://6sf5xa7eso3e3vk46i5tpcqhnlayczztj7zjktzaztlotyy75zs6j7qd.onion/jparkislandresort.com
- Discovered: 2025-05-15 18:27:19.999698
- Published: 2025-05-15 18:26:02.938540
Information
- Full reservation databases containing booking platform references, including HeyTripGo
- Payment data, including credit card information and transaction details
- PDF files containing credit card numbers, expiration dates, and CVV codes
- Scans of physical card images used in transactions
- Names and billing addresses linked to payment cards
- Complete reports of transaction history
- Partner commission data and invoice logs
- Identification documents and guest registration forms with physical signatures
- Internal communication records, including booking confirmation exchanges with platforms such as HeyTripGo and Agoda
- Observation that HeyTripGo.com does not encrypt or anonymize customer booking details, resulting in direct exposure of raw credit card data, customer personal details, and traceable booking references
Disclaimer: This post is based on public claims made by the ransomware group "stormous". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.