Trump Hotels Guest Information Leaked on Hacker Forum

By Leakd.com Authors

February 04, 2025

Trump Hotels data breach — Trump Hotel Photo by Kenny Eliason on Unsplash

A user identified as FutureSeeker posted on a prominent hacker forum, claiming to have uploaded a database from Trump Hotels. The post includes a sample of sensitive data and a link to download the full dataset, containing 164,910 records. The leak appears to target invitation data from Trump Hotels, exposing sensitive personal information of individuals who have interacted with the hotel chain.

trump hotels data leak — source: leakd.com screenhot of a hacker forum

Trump Hotels is a luxury hotel chain owned by The Trump Organization, offering high-end accommodations, dining, and event spaces in major cities worldwide. Known for its opulent properties and association with President Donald Trump, the brand caters to affluent travelers, business executives, and political figures.

Contents of the Leaked File

The attached file, trump_visit.csv, contains 164,909 entries with the following fields:

id: Unique identifier for each record
fullname: Full names of individuals
email: Email addresses (151,179 records contain this data)
creation_date: The date the record was created
unit_id: Likely refers to a hotel or room identifier
status: Indicates whether invitations were delivered, completed, or pending
last_updated: Timestamp of the last modification to the record
expiration_date: Deadline or expiry for the invitation
sampling_exclusion: Notes about specific exclusions or quarantines (e.g., "[LIVE] THG: 30 day Quarantine")

Trump Hotels data breach details v2 — source: leakd.com

The leaked Trump Hotels invitation list contains sensitive personal information, including full names and email addresses of over 164,900 individuals. Notably, several names in the dataset are reminiscent of prominent figures or associates linked to President Donald Trump, such as "Marco Rubio", "Michael Thomas," "James Wilson," and "Richard Webb." While these may coincide with common names, the presence of both personal and corporate emails raises concerns. These could belong to high-profile individuals, their aides, or assistants, making them potential targets for phishing campaigns, identity theft, or more sophisticated spear-phishing attacks.

You can check if your email is part of the leak by using the Leakd Account Leak Checker tool, which helps identify if your information has been compromised in this or other data leaks.

The threat actor behind this leak, known as FutureSeeker, has a history of releasing similar data dumps on hacker forums. Their activity extends beyond the Trump Hotels breach to include large datasets from various entities, such as Skillovilla, grassrootsfest.org, and NorthPole, which contains over 520,000 entries. The scale and frequency of these leaks suggest a calculated effort to disrupt various organizations and industries.

One of FutureSeeker's posts titled "War on the United States" indicates a broader ideological or political motive. The post mocks U.S. institutions and hints at an agenda to target U.S. government agencies, suggesting a deeper animosity toward American cultural and governmental structures. This context, combined with the data leaks, highlights not only the risk to the individuals whose data has been exposed but also the possibility of more targeted attacks against American entities. The combination of personal and professional contact details in the leaked data could provide malicious actors with tools for further cyber exploitation, especially if the individuals are influential or connected to sensitive operations.

It is deeply concerning how the threat actor managed to obtain such a comprehensive list of personal information from Trump Hotels. The fact that such information could be exfiltrated and publicly shared highlights critical gaps in data protection. This incident underscores the urgent need for organizations to strengthen their cybersecurity frameworks and for individuals to be vigilant about how and where their personal information is shared.

Next Steps for Affected Individuals

Monitor for Suspicious Activity: Individuals who suspect they may be impacted should closely monitor their email accounts for unusual login attempts, phishing emails, or other suspicious activity.
Change Passwords: It’s advisable to change passwords for any accounts linked to the exposed email addresses. Ensure that new passwords are strong, unique, and not reused across multiple platforms.
Be Cautious with Unsolicited Communications: Avoid clicking on links or downloading attachments from unfamiliar emails, especially those referencing hotel bookings or invitations, as these may be phishing attempts leveraging the leaked data.
Use Tools Like Proton Pass: To enhance online security, consider using Proton Pass for managing accounts and bookings. Proton Pass not only generates and stores strong, unique passwords but also offers a Hide My Email feature. This function allows users to create email aliases when booking online, effectively masking their real email addresses and minimizing the risk of exposure in future data breaches.