Marriott: Massive Data Breach May Put 500 Million Guests' Information at Risk

Discussion in 'other security issues & news' started by hawki, Nov 30, 2018.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    "Marriott International said Friday that it is working to resolve a massive data breach that could have affected as many as 500 million customers that could have included passport numbers and credit card details.

    Marriott said the breach, which has been reported to law enforcement officials, was first alerted on September 8 and involved its Starwood guest reservation data base. On November 19, the company said, it determined there had been unauthorized access to the data going back to at least 2014..."

    https://www.thestreet.com/investing...0-million-guests-information-at-risk-14796827
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    Marriott Press Release:

    https://www.businesswire.com/news/home/20181130005123/en

    According to a press release, Marriott believes the compromised database had information on up to 500 million guests who had made a reservation at a Starwood property.

    The information compromised includes sensitive details including their passport numbers (for those who booked at foreign hotels) as well as name, date of birth, dates of their reservation, email address and mailing address. The infiltration dates back to at least September 2014 - before Starwood was purchased by Marriott - and continued through September of this year.

    Payment card numbers and payment card expiration dates belonging to some of those affected were also stolen, but the payment card numbers were encrypted using Advanced Encryption Standard encryption.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    Starwood brands include:

    W Hotels
    St. Regis
    Sheraton Hotels & Resorts
    Westin Hotels & Resorts
    Element Hotels
    Aloft Hotels
    The Luxury Collection
    Tribute Portfolio
    Le Méridien Hotels & Resort
    Four Points by Sheraton
    Design Hotels
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    "...Marriott’s carefully worded statement doesn’t identify who obtained access and how. That’s particularly troubling, as if this wasn’t a hack or full security breach then it could have been sloppy security that let anyone access this information and clone the database. That’s backed up by the fact Marriott reveals it discovered the database breach through a copied and encrypted version. Whether this copy is public, or for sale on the dark web, remains vague..."

    https://www.theverge.com/2018/11/30/18119403/marriott-database-breach-starwood-hotels
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    Last edited: Nov 30, 2018
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,181
    Location:
    Slovenia, EU
    What the Marriott Breach Says About Security
    https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,805
    Marriott sued hours after announcing data breach
    One class-action lawsuit is seeking $12.5 billion in damages
    December 2, 2018

    https://www.zdnet.com/article/marriott-sued-hours-after-announcing-data-breach/
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,865
    Location:
    Texas
    Massive Marriott Breach Underscores Risk of overlooking Data Liability
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,865
    Location:
    Texas
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,805
    Marriott’s breach response is so bad, security experts are filling in the gaps — at their own expense
    December 3, 2018
    https://techcrunch.com/2018/12/03/marriott-data-breach-response-risk-phishing/
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,865
    Location:
    Texas
    The Marriott data breach

     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,798
    Location:
    DC Metro Area
    "Clues in Marriott hack implicate China

    (Reuters) - Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter...

    That suggests that Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.

    While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online...

    Former senior FBI official Robert Anderson told Reuters that the Marriott case looked similar to hacks that the Chinese government was conducting in 2014 as part of its intelligence operations.

    'Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person,' said Anderson, who served as FBI executive assistant director until 2015...

    Michael Sussmann, a former senior Department of Justice official for its computer crimes section, said that the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime schemes..."

    https://www.reuters.com/article/us-...tt-hack-implicate-china-sources-idUSKBN1O504D
     
    Last edited: Dec 6, 2018 at 9:55 AM
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    66,865
    Location:
    Texas
    New Lawsuit Claims Marriott Still Exposes Customer Information
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.