Marriott hack hits 500 million Starwood guests

[VPS]

Thought I would let someone else go first.

That's why I was asking

 

[VPS]

If anyone has signed up - how much personal information do they ask for? Because I'm not all that keen to hand over more personal information just so they can monitor it...

The best case scenario, in terms of risk of fraud, is that the media reports of it being Chinese military intelligence are correct - in which case there's a much lower risk that this database is going to end up for sale on a dark web site somewhere.

Hence my question

 

[Flying mermaid]

Has anyone found their details compromised as a result of this leak/hack?

not yet, but it’s early days. I never keep my cc details in my member details, but of course you are forever adding it to a booking to guarantee it. Credit card details have been stolen and although they are encrypted the details to break the encryption have probably be stolen as well - or so the cheerful email I got said.

And oh by the way we’ve been hacked multiple times since 2014 and only just realised it.

I am going to register with the free for a year identity check site they have provided me, which will alert me if my details are out there - for what it’s worth,

Hope the EU hit them with massive fines. All these companies are too cheap to put in proper security.

 

[Flying mermaid]

Is it anybody going to avail themselves of the free one year subscription to Identity works

probably - haven’t looked at it yet.

 

[drron]

I was oing to sign up with the free checks with the same company when they were hacked.They wanted too much info so I didn't proceed.

 

[ajd]

not yet, but it’s early days. I never keep my cc details in my member details, but of course you are forever adding it to a booking to guarantee it. Credit card details have been stolen and although they are encrypted the details to break the encryption have probably be stolen as well - or so the cheerful email I got said.

And oh by the way we’ve been hacked multiple times since 2014 and only just realised it.

I am going to register with the free for a year identity check site they have provided me, which will alert me if my details are out there - for what it’s worth,

Hope the EU hit them with massive fines. All these companies are too cheap to put in proper security.

Honestly, the credit cards are annoying but they're the least of my concern because charges can be reversed! (Though, I do wonder how my Visa was compromised earlier this year, and it was the same Visa that I'd used last time I was at a Starwood... and it was a pain to fix up...) My biggest concern is having unchangeable personal details, which other organisations will accept as some form of authentication or proof of identity, being out there.

Absolutely agree that they need a whopping great big penalty to send a message to the industry that they can't be complacent - and indeed if anyone does slap them with said great big penalty it'll probably be the Europeans.

 

[ajd]

Let me look more deeply at the Experian IdentityWorks package they're offering.

Hmm, I guess I should probably read through the Terms of Use before deciding whether I want to open an account...

9. Unsolicited Idea Submission Policy

When you provide us with comments, suggestions, or ideas (collectively, “Feedback”), such Feedback is not considered confidential and becomes the property of Company and you hereby assign and transfer all right, title and interest (including all intellectual property rights) in and to all such Feedback, as and when created, to Company and unconditionally and irrevocably waive for the benefit of Company, its affiliates and their respective assigneesall rights which cannot be assigned, including moral rights. We are not obligated to you if you provide such Feedback. We are free to use, copy, or distribute the Feedback to others for any purpose in accordance with our Privacy Policy.[NOTE: THIS WOULD NEED TO BE A LINK TO CIC’S PRIVACY POLICY AND NOT CSID’S – CSID TO ENSURE CIC HAS A PRIVACY POLICY IN PLACE IN RELATION TO SUCH FEEDBACK AND ANY OTHER PERSONAL DATA IT MAY PROCESS.]​

Ah yes, I love it when companies post a legally binding contract with [NOTE: PLEASE FIX THIS THING BEFORE APPROVING THIS] just sitting in there. Oh, and I also love it when they include links to other policy documents which are hosted on different websites and are intended for a different corporate subsidiary (see the link to Privacy Policy, which is actually intended for their Mastercard Identity Protection service sold by a bank in Italy).

It makes me feel so much better to know that not even the company itself reads its own terms of service. And so much more confident that their identity monitoring division is appropriately resourced to deal with large scale breach management.

 

[drron]

I probably have now fallen victim to the SPG hack.
Apparently I went to 3 concerts in Perth whilst I was working in Launceston.My details are correct except for the email address and phone number.Hopefully the toerags can be traced.

 

[ChrisGibbs]

I came to the Bonvoy program by virtue of being with SPG for 15+ years / 1580+ nights and no issues with my SPG account being hacked. Since being part of Bonvoy I've been hacked twice in the last 3 months. On the first occasion I noticed my account had been locked for audit after 505,000 points were taken. As requested I changed all my passwords on both my Bonvoy account and email account and checked there was no email forwarding enabled. Last week my account was again hacked for nearly 400,000 points and this time I alerted Bonvoy. It's nearly a week now and I've been told to again change my passwords and email passwords. My account is still being audited...

 

[cove]

Ouch Chris Gibbs!
The world seems to be filled with hackers.
Makes me appreciate the Nigerian letter scammers more.

 

[ChrisGibbs]

I continue to ask Bonvoy how, when and what happened. They continue to provide the canned response which is along line of "we take security seriously and continue to investigate... In the meantime please ensure you change your passwords on your Bonvoy account and your email account". The lack of transparency by Bonvoy into what appears to be their issue should be a concern to all Bonvoy members.