The largest expert travel community:
  • 741,364 Total members
  • 7,633 Users online now
  • 1,682,734 Threads
  • 30,369,314 Posts

Hackers Hit Starwood Accounts with Reused Passwords

Hackers Hit Starwood Accounts with Reused Passwords
Jeff Edwards


A recent spate of fraud involving travel rewards accounts appears to be tied to hackers exploiting the reuse of passwords across accounts.

In the wake of the latest security breach of Starwood Preferred Guest accounts, security experts are urging consumers to use unique username and password credentials for each and every online account. Journalist and Internet security expert Brain Krebs warns that the recent attacks at Starwood can be traced to account holders using the same credentials across multiple online accounts.

“The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the website for the popular travel rewards program,” Krebs wrote on his blog,

Krebs reports that the Starwood fraud coincides with the release of a hacking tool that specifically targets Starwood accounts. The automated tool published on the hacker forum allows even low-level hackers to match passwords gleaned from other websites with Starwood rewards accounts. also provides tips on how to disable security alerts designed to tip off account holders that fraudulent activity is occurring.

Starwood Vice President Chris Holdren told Krebs that the recent attacks against Starwood mirror similar attacks against rewards programs, including Hilton HHonors, American Airlines AAdvantage and United Airlines MileagePlus.

“They appear to be using credentials from elsewhere and seeing how many of those match up to Starwood accounts to see how many hits they can get,” said Holdren, adding that Starwood will work closely with members to restore affected accounts. “Not one guest is going to lose even a single Starwood point through this activity.”

[Photo: iStock]

View Comments (1)

1 Comment

  1. emcampbe

    January 25, 2015 at 7:33 pm

    Security people have been telling folks for years not to use the same passwords everywhere. Many didn’t listen, so its no surprise we have these kinds of attacks. Perhaps excusable a few years ago, when there weren’t easy ways to manage passwords. Now, there are many free or low-cost password managers that make this easy to handle. It won’t solve the problem 100% (what does?) but would make it much more difficult for these kind of attacks to happen. If we each made a small investment, it would make a huge problem as close to non-existant as possible.

You must be logged in on the FORUM to post a comment Login

Leave a Reply

More in Hotels

Should You Really Be Tipping $10/Day in Hotels?

Woaria RashidMarch 21, 2019

Why There May Be A Sex Offender in Your Budget Hotel

Jackie ReddyMarch 17, 2019

Equinox Fitness Set to Launch Hotel This Summer in NYC

Jeff EdwardsMarch 15, 2019

Copyright © 2014 Top News Theme. Theme by MVP Themes, powered by Wordpress.