In November 2018, hotel giant Marriott disclosed that it had suffered one of the largest breaches in history. That hack compromised the information of 500 million people who had made a reservation at a Starwood hotel. On Tuesday, Marriott announced that it had once again been hit, with up to 5.2 million guests at risk. Which is a kind of progress, in a way?
The details of this latest hack seem to be not quite as devastating as the last one, too, given that sensitive information like passport numbers doesn't seem to be affected. Still, that a major company could get hit twice in such a relatively short time frame underscores how at-risk your data is—and how not enough is being done to protect it.
The Hack
According to details provided by Marriott Tuesday, the intrusion dates back to mid-January, when someone used the credentials of two franchise property employees—whether those credentials were stolen is unclear at this point—to access an "unexpected amount of guest information." Those data points included contact details like names, email and home addresses, and phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, like whether you like being near or far from the elevator.
Marriott finally observed the suspicious activity by the end of February, indicating that it persisted for several weeks before getting flagged. Marriott then disabled the credentials, started an investigation, and finally sent out emails on Tuesday to the guests it believes were affected.
While Marriott bears ultimate responsibility, it's worth noting that both of its recent hacks were arguably indirect attack ..
Support the originator by clicking the read the rest link below.
