Marriott: Massive Data Breach May Put 500 Million Guests' Information at Risk

Discussion in 'other security issues & news' started by hawki, Nov 30, 2018.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    "Marriott International said Friday that it is working to resolve a massive data breach that could have affected as many as 500 million customers that could have included passport numbers and credit card details.

    Marriott said the breach, which has been reported to law enforcement officials, was first alerted on September 8 and involved its Starwood guest reservation data base. On November 19, the company said, it determined there had been unauthorized access to the data going back to at least 2014..."

    https://www.thestreet.com/investing...0-million-guests-information-at-risk-14796827
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    Marriott Press Release:

    https://www.businesswire.com/news/home/20181130005123/en

    According to a press release, Marriott believes the compromised database had information on up to 500 million guests who had made a reservation at a Starwood property.

    The information compromised includes sensitive details including their passport numbers (for those who booked at foreign hotels) as well as name, date of birth, dates of their reservation, email address and mailing address. The infiltration dates back to at least September 2014 - before Starwood was purchased by Marriott - and continued through September of this year.

    Payment card numbers and payment card expiration dates belonging to some of those affected were also stolen, but the payment card numbers were encrypted using Advanced Encryption Standard encryption.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    Starwood brands include:

    W Hotels
    St. Regis
    Sheraton Hotels & Resorts
    Westin Hotels & Resorts
    Element Hotels
    Aloft Hotels
    The Luxury Collection
    Tribute Portfolio
    Le Méridien Hotels & Resort
    Four Points by Sheraton
    Design Hotels
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    "...Marriott’s carefully worded statement doesn’t identify who obtained access and how. That’s particularly troubling, as if this wasn’t a hack or full security breach then it could have been sloppy security that let anyone access this information and clone the database. That’s backed up by the fact Marriott reveals it discovered the database breach through a copied and encrypted version. Whether this copy is public, or for sale on the dark web, remains vague..."

    https://www.theverge.com/2018/11/30/18119403/marriott-database-breach-starwood-hotels
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    Last edited: Nov 30, 2018
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,187
    Location:
    Slovenia, EU
    What the Marriott Breach Says About Security
    https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,835
    Marriott sued hours after announcing data breach
    One class-action lawsuit is seeking $12.5 billion in damages
    December 2, 2018

    https://www.zdnet.com/article/marriott-sued-hours-after-announcing-data-breach/
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,894
    Location:
    Texas
    Massive Marriott Breach Underscores Risk of overlooking Data Liability
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,894
    Location:
    Texas
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,835
    Marriott’s breach response is so bad, security experts are filling in the gaps — at their own expense
    December 3, 2018
    https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,894
    Location:
    Texas
    The Marriott data breach

     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    "Clues in Marriott hack implicate China

    (Reuters) - Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter...

    That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

    While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online...

    Former senior FBI official Robert Anderson told Reuters that the Marriott case looked similar to hacks that the Chinese government was conducting in 2014 as part of its intelligence operations.

    'Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person,' said Anderson, who served as FBI executive assistant director until 2015...

    Michael Sussmann, a former senior Department of Justice official for its computer crimes section, said that the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime schemes..."

    https://www.reuters.com/article/us-...tt-hack-implicate-china-sources-idUSKBN1O504D
     
    Last edited: Dec 6, 2018 at 9:55 AM
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,894
    Location:
    Texas
    New Lawsuit Claims Marriott Still Exposes Customer Information
     
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,801
    Location:
    DC Metro Area
    "U.S. investigators point to China in Marriott hack affecting 500 million guests

    U.S. government investigators increasingly believe that Chinese state hackers were most likely responsible for the massive intrusion reported last month into Marriott’s Starwood chain hotel reservation system,...

    Preliminary indications show the breach was executed by hackers affiliated with the Chinese Ministry of State Security, ...The MSS, an intelligence and security agency, has been behind many Chinese government intrusions into sensitive U.S. networks in recent years....

    Some U.S. intelligence officials believe that the breach was conducted to enrich the massive Chinese data sets on U.S. and other citizens that have been amassed for years,...

    The people familiar with the investigation said the Marriott breach involved the same cloud-hosting space that Chinese state hackers have used in the past, and that one signature technique that involved hopping among servers also points to Chinese involvement. Another clue suggesting nation-state involvement was that none of the breached data has appeared on the “dark Web” or any of the forums that criminals typically use to sell stolen credentials and other valuable personal data..."

    https://www.washingtonpost.com/tech...ing-million-travelers/?utm_term=.ad8589dc15ba
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.