Friday, 30 November 2018

Marriott-Starwood data breach: 500 million guests may be affected, hackers active since 2014

How bad is the Marriott/Starwood breach disclosed today? "Unauthorized access to the Starwood network since 2014 … For approximately 327M of these guests, the info includes some combination of name, mailing address, phone number, email address, passport number.”

Marriott says information from as many as 500 million people has been compromised, and credit card numbers and expiration dates of some guests may have been taken.

The Marriott hack is one of the largest known data breaches ever disclosed, as measured by the number of individual people potentially affected. The only larger one known is the 2013 Yahoo breach that affected three billion people.

Marriott said it has uncovered unauthorized access that has been taking place within its Starwood network since 2014.

From the New York Times:

The Marriott International hotel chain said on Friday that the database of its Starwood reservation system had been hacked and that the personal details of up to 500 million guests going as far back as 2014 has been compromised.

The hotel group, which runs more than 6,700 properties around the world, was informed in September about an attempt to access the database, and an investigation this month revealed that unauthorized access had been made on or before Sept. 10, Marriott said in a statement.

The investigation also found that an “unauthorized party had copied and encrypted information, and took steps toward removing it,” the statement said.