Marriott: Data breach may affect 500M hotel guests

vtqhtr413

Nov. 30 (UPI) -- Marriott said Friday a data breach detected weeks ago may have exposed the personal information of about 500 million guests at several hotel brands, including the W and Sheraton. The world's largest hotel chain said it learned in September there had been unauthorized access to the Starwood guest reservation system. Marriott said it hired cybersecurity experts and eventually learned that data had been copied and stolen.

For about 327 million guests, the stolen information included a combination of names, addresses, phone numbers, email addresses, passport numbers, dates of birth and travel plans, the company said in a statement. For other guests, hackers attempted to take credit card numbers and expiration dates, though it's unclear if they were successful. Some customers had only mailing addresses and email addresses stolen.

Marriott said it found its reservation database has been compromised since 2014 and unauthorized access could affect bookings made as recently as Sept. 10.
"We deeply regret this incident happened," Marriott President and CEO Arne Sorenson said. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests and using lessons learned to be better moving forward."
 

Eddie Morra

They have been hacked in 2014 and they say that after 4 years?....No comment!
They didn't know they were hacked back then but only discovered this recently AFAIK. Still, September to now is quite a while, but I guess they were conducting investigations to determine what the damage really was before talking about it publicly (many companies have done this before).

Phone providers have been hacked by state actors before and did not discover it until years after the hacks had happened, and even companies like Kaspersky have been hacked in the past. Remember the CCleaner? Avast only found out about it because of a third party reporting suspicions to them, not to mention they were distracted with the take-over at the time.

Nonetheless, what people fail to understand is that no online company is completely hack-proof, and that one of the best ways to keep yourself safe is to only use what you need, and to get rid of things you do not need (e.g. deactivate accounts you know you are not going to use in the future, do not aimlessly sign up for things and share your personal information, etc.).
 

ChemicalB

Yeah, totally agreed :)
 

Deleted member 178

And you don't know the origin of the breach, could be initiated internally then remotely accessed by an unhappy employee or else.

Could also be a hacker that managed to get employed as admin for the sole purpose of accessing the network internally, planting his malware, resigning and waiting for the right moment to avoid being traced back.

Such huge companies can't control everything.

People who have no clue and no experience in the corporate field easily blame companies for hacking. I wish to see them deploying security in such hotels with all the inherent limitations... Let's see afterwards if they are still blaming.


Managing a big company is not managing your poor 3 home computers lol
 

vtqhtr413

US believes Chinese intelligence behind Marriott hack

Secretary of State Mike Pompeo confirmed to Fox News' "Fox & Friends" program that the government believes China masterminded the Marriott data theft. "They have committed cyber attacks across the world," he told the show. "We consider them a strategic competitor. They are taking actions in the South China Sea. They're conducting espionage and influence operations here in the United States." The Marriott hacking allegation came amid heightened tensions between Beijing and Washington that encompass geopolitics, trade, technology rivalry and espionage.

Last week Canada arrested an executive of China's leading Huawei telecommunications company at the request of the United States, which plans to charge her with fraud charges related to sanctions-breaking business dealings with Iran. China has responded in kind, detaining a former Canadian diplomat, Michael Kovrig, who is now a China expert at the International Crisis Group security consultancy.

Moreover, Washington is expected this week to unveil new charges against Chinese military and intelligence hackers as it seeks to counter what is seen as a broad-based, sustained cyber threat against US government and corporate targets from Beijing. On Wednesday, it also slapped a $2.8 million penalty on a Chinese energy company, Yantai Jereh Oilfield Services Group, for violating US sanctions by shipping US-made equipment to Iran.

The Marriott hackers, who stole detailed data on some 500 million customers of the world's largest hotel company, are believed to have been working for China's Ministry of State Security. Washington sees them as part of an espionage effort that has targeted health insurers and the US civil service employment database. Marriott revealed on November 30 that cyber-thieves had been in the systems of its Starwood brand since 2014, which Marriott took over two years later. It uncovered the breach in September and the Federal Bureau of Investigation is understood to be investigating the matter.

In the past week, Marriott has sent out emails to customers who had used its systems alerting them that their data may have been stolen.
For more than 60 percent of the customers, the data stolen included passport information, addresses, their travel details, and credit card details.
The company said that the credit card data was protected by two decryption components, but added: "at this point, Marriott has not been able to rule out the possibility that both were taken."

Separately, a new report from computer security company McAfee said their researchers had uncovered a new global effort by hackers to infiltrate the computer systems of nuclear, defense, energy and financial companies. "In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States," the company said. It said initial indications were that the hackers were North Korean, but also suggested the possibility that the identifiers in the malware that pointed to Pyongyang may have been a "false flag" to distract researchers from the true source.

Source: US believes Chinese intelligence behind Marriott hack
 
