Marriott hack hits 500 million Starwood guests

Status
Not open for further replies.
SeatBackForward

SeatBackForward

Established Member
Joined
Jun 20, 2006
Posts
4,923
Qantas
LT Gold
Oneworld
Emerald
Marriott hack hits 500 million Starwood guests

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach.

The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.

It said an internal investigation found an attacker had been able to access to the Starwood network since 2014.

The company said it would notify customers whose records were in the database

Marriott hack hits 500 million guests
Click to expand...

Oh boy...
 
So I have been hacked by both BA and now SPG incidents.
 
opusman said:
I'm surprised SPG had 500 million members.
Click to expand...
It's not just SPG, it's the entire Starwood reservations database. I do have to wonder how many of those 500 million are duplicates, but in any case it's an absolutely massive breach.

I wonder if there's ever been a larger breach of passport numbers, that could be a fun mess to clean up.
 
A long letter from SPG Today. It begins:

Dear Valued Guest,

Marriott values our guests and understands the importance of protecting your personal information. We have taken measures to investigate and address a data security incident involving the Starwood guest reservation database. The investigation has determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties* on or before September 10, 2018. This notice explains what happened, measures we have taken, and some steps you can take in response.

Starwood Guest Reservation Database Security Incident

On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.
Marriott reported this incident to law enforcement and continues to support their investigation. The company is also notifying regulatory authorities.

etc, etc
 
opusman said:
I'm surprised SPG had 500 million members.
Click to expand...
Is that 1 in 15 of the world population? Every man, woman and child. Maybe they got the decimal places wrong. Or have I?
 
DC3 said:
Is that 1 in 15 of the world population? Every man, woman and child. Maybe they got the decimal places wrong. Or have I?
Click to expand...
The 500 million number is certainly what they have been saying. I think that the most likely explanation is that it's 500 million customer records and it's hard to deduplicate many of them which may be the same person staying multiple times who has somehow had multiple records created for them.
 
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

Luckily all my CC details have expired or been cancelled. Coupled with the frustrating process of merging and issuing of new accounts and numbers - I challenge anyone to make sense of my data.
 
Yeah. I received notifications to two email accounts, so the 500 million could be half that, or less, in terms of actual numbers.

But the last stay I can find by trawling my emails was back in 2010. That probably would have been back in the days of the 'Earth' credit card.

I'm probably thinking there might not be so much of an issue in my case.
 
Betterhalf and myself are both marriotts members.... He has received the email today, I have not. All our bookings with marriotts were done under my account. He hasn't had any bookings in there so had very little info in his account. My last booking was in Sept 2018. I'm wondering if they are sending the emails to the less affected first, aka Old bookings, expired CC's, no bookings in there account so no CC details.... I've already changed the passwords on both of these accounts.

Has anyone received this email and has had a marriotts booking in 2018?

My CC hasn't been compromised as i receive immediate alerts when money has been spent on it.
 
My son opened and operated my Starwood account which is back to zero points.
My Marriott Account is the one I use.
 
Mistress said:
Betterhalf and myself are both marriotts members.... He has received the email today, I have not. All our bookings with marriotts were done under my account. He hasn't had any bookings in there so had very little info in his account. My last booking was in Sept 2018. I'm wondering if they are sending the emails to the less affected first, aka Old bookings, expired CC's, no bookings in there account so no CC details.... I've already changed the passwords on both of these accounts.

Has anyone received this email and has had a marriotts booking in 2018?

My CC hasn't been compromised as i receive immediate alerts when money has been spent on it.
Click to expand...
The hack was of the Starwood site so if you only stayed at Marriotts then not affected.Records on Starwood are from 2014.
 
Is it anybody going to avail themselves of the free one year subscription to Identity works
 
VPS said:
Is it anybody going to avail themselves of the free one year subscription to Identity works
Click to expand...
If anyone has signed up - how much personal information do they ask for? Because I'm not all that keen to hand over more personal information just so they can monitor it...

The best case scenario, in terms of risk of fraud, is that the media reports of it being Chinese military intelligence are correct - in which case there's a much lower risk that this database is going to end up for sale on a dark web site somewhere.
 
Status
Not open for further replies.

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Staff online

Currently Active Users

Total: 949 (members: 42, guests: 907)
Back
Top