Marriott Data Breach [from Starwood database] : 500 Million Guests affected

Old Apr 4, 19, 10:42 pm   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: MasterGeek
From the Starwood Lurker team:
Please visit info.starwoodhotels.com for more information about this incident, available resources and steps you can take.

Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced on Friday that it had "taken measures to investigate and address a data security incident" that stemmed from its Starwood guest authorization database.
The company said it believes that around 500 million people's information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

http://uk.businessinsider.com/marrio...8-11?r=US&IR=T
https://www.prnewswire.com/news-rele...300758155.html

You can enroll in the "identity" monitoring service provided by Marriott due to this breach here. It cannot be called "credit monitoring" because it provides neither access to credit bureau report data (as held by Equifax, TransUnion, Experian) nor notifications when credit report data changes:
https://answers.kroll.com/us/index.html
Old Nov 30, 18, 4:00 pm
  #181  
 
Join Date: Apr 2003
Location: DEN/BDL/LGA/HPN
Programs: Marriott Plat Premier; AA EXP 2MM; AS MVP, Hilton Gold, CH-47/UH-60/C-23/C-130 VET
Posts: 4,828
Originally Posted by yeunganson View Post
Hopefully with the help of the FBI, they can find out if it was foreign governments or sophisticated crooks who did it.

Both SPG and Marriott had at least an average level of IT staff and commercially available enterprise-level security software. So the hack being able to go undetected since 2014 means it should be a sophisticated hack that went around all the security.

I am prepared to show understanding if Marriott/SPG was hacked by foreign governments. There is little defense against this type of hacking. Recall the Bloomberg news a month ago of the Chinese government putting a small chip on server motherboards to hack Apple and other Silicon Valley giants to steal technology secrets. All elite government hacking teams have access to operating system holes that maybe the original manufacturer (be it Microsoft or Google or Apple) doesn't know about yet. National law enforcement agencies (including the FBI) also buy services from data security companies whose sole purpose is to find vulnerabilities on devices/computers to help law enforcement "get in" when the accused is uncooperative with a court order. The point is... Every system has holes and those with deep pockets and deep talent (normally governments) can get through like a cyber version of Mission Impossible. It would be unrealistic for commercial entities to guard their systems to the near-impenetrable level that the Pentagon/CIA guard their systems.
Originally Posted by ethernal View Post
Well, with how everyone's data is already out there it's hard to nail exact causes for ID theft. It's no data that hasn't already been leaked before.

While unlikely, it could also be a state actor or industrial espionage. Knowing where people are planning to go is useful information for both states and unscrupulous enterprises. Think M&A, unusual financial auditing activity, where certain government officials plan to go before announcements, and so on.
Well ... if it has been in place since 2014 and we don't have widespread evidence of legacy SPG members having identity theft issues, this might suggest a state actor was continuing to mine data to track individuals rather than a rogue group seeking to cash in. At a minimum, if this was an economic theft, we would have seen a number of reports of compromised SPG Amex cards or Marriott Chase cards -- presumably both Chase and Amex are able to identify patterns. I have only used one card at legacy SPG properties since 2014 -- and it's the only one I've had continuously for several years and haven't had to replace because of data breaches (it's the Chase Marriott card and I only use it for Marriott/SPG stays).

There is at least one country out there that scrapes data broadly like this for state purposes ...
C17PSGR is offline  
Old Nov 30, 18, 4:07 pm
  #182  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 87,351
Originally Posted by Sisyphus1carus View Post
How many shares in the company do I need to own in order to have a vote at the AGM to vote against any rise in the salaries / bonuses of the board of directors ??
1 is enough.
GUWonder is offline  
Old Nov 30, 18, 4:15 pm
  #183  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,536
Originally Posted by Dave510 View Post
Trolling? How so?
Marriott only inherited SPG's apparently-inadequate IT; to use "Marriott" here in a pejorative fashion is trolling, IMO. SPG people might not have liked the MR website pre-merger, but at least it wasn't being pillaged for 4 years before then - which would probably still be going on, unbeknownst to SPG, had MR not had to delve deep into the IT while they try and sort out this problematic merger.
kennycrudup is offline  
Old Nov 30, 18, 4:16 pm
  #184  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 87,351
What makes you so sure that Marriott's systems haven't been hacked before too? I would be very surprised if there weren't at least two state actors that swiped a chunk of Marriott customer data from the era before Marriott even acquired SPG.

Originally Posted by kennycrudup View Post
If there was any (hard) evidence required of the level of irrational hatred of MR by SPG loyalists, this thread is it.

Imagine that after some time and negotiation, I finally buy a classic car I've been interested in for a while. In the process of cleaning it up to get it show-ready, I find hairs in the grill that are then later found to be connected to the victim of a fatal hit-and-run that happened years ago. If some here on FT had their way, I would be on trial for first-degree murder.
To get the analogy straight, the grill would have hairs from more than one victim, with at least one of the victims being killed during your ownership and sole possession of the car/car keys. Then you become a suspect for at least one count of vehicular manslaughter.

Last edited by GUWonder; Nov 30, 18 at 4:22 pm
GUWonder is offline  
Old Nov 30, 18, 4:18 pm
  #185  
 
Join Date: Aug 2014
Location: YYZ
Programs: Marriott/SPG, BR, CX, Aeroplan
Posts: 403
Originally Posted by kennycrudup View Post
Marriott only inherited SPG's apparently-inadequate IT; to use "Marriott" here in a pejorative fashion is trolling, IMO. SPG people might not have liked the MR website pre-merger, but at least it wasn't being pillaged for 4 years before then - which would probably still be going on, unbeknownst to SPG, had MR not had to delve deep into the IT while they try and sort out this problematic merger.
I guess if you buy Marriott's party line wholesale, then you'll believe it's all SPG's fault, despite reservation information up to Sept, 2018 being leaked. It's easy to scapegoat SPG now.
Dave510 is offline  
Old Nov 30, 18, 4:19 pm
  #186  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,536
Originally Posted by Dave510 View Post
It's easy to scapegoat SPG now.
2014.
kennycrudup is offline  
Old Nov 30, 18, 4:21 pm
  #187  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,536
Originally Posted by GUWonder View Post
To get the analogy straight ...
... the car would have to be "Christine", inherited by the soul of a fired SPG IT Manager and killing at night without my knowledge. (I didn't feel like paying Stephen King royalties.)
kennycrudup is offline  
Old Nov 30, 18, 4:23 pm
  #188  
 
Join Date: Aug 2014
Location: YYZ
Programs: Marriott/SPG, BR, CX, Aeroplan
Posts: 403
Originally Posted by kennycrudup View Post
2014.
Up until Sept 2018.
Dave510 is offline  
Old Nov 30, 18, 4:25 pm
  #189  
FlyerTalk Evangelist
 
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,510
if there had not been merger (and problems) would they ever have noticed
wonder how many of these discoveries are accidental, not good
Twickenham likes this.

Last edited by Kagehitokiri; Nov 30, 18 at 6:11 pm
Kagehitokiri is offline  
Old Nov 30, 18, 4:26 pm
  #190  
 
Join Date: Dec 2006
Location: SJC
Programs: Bonvoy Tit Forever, AmEx Plat, National EE, WN CP, CLEAR
Posts: 3,536
Originally Posted by Dave510 View Post
Up until Sept 2018.
Trolling, then. OK.
kennycrudup is offline  
Old Nov 30, 18, 4:26 pm
  #191  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 87,351
Originally Posted by kennycrudup View Post
... the car would have to be "Christine", inherited by the soul of a fired SPG IT Manager and killing at night without my knowledge. (I didn't feel like paying Stephen King royalties.)
But, no, it wouldn't have to be.
GUWonder is offline  
Old Nov 30, 18, 4:27 pm
  #192  
 
Join Date: Jun 2011
Location: PHL
Posts: 617
I had two stays over the Thanksgiving weekend, and the first hotel had no indication of my platinum status which meant no upgrades, no welcome amenity, no breakfast. The app showed my account under audit. I called to see what was up and they told me there was an unauthorized login on my account and I had to send a copy of my ID, which I did. Called back and they said that the team that could unlock my account wouldn't be in until Monday. So the second hotel (checked in Sunday night, out Monday AM) also didn't see my status. Luckily, I'd booked a rate with breakfast (only bc it was the same price as without) so we didn't have to pay for breakfast that morning. Anyway, I'm thinking this probably had something to do with that "unauthorized access".
TimesTwo is offline  
Old Nov 30, 18, 4:28 pm
  #193  
A FlyerTalk Posting Legend
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 87,351
Originally Posted by Kagehitokiri View Post
confusing..

only reservations / central reservations?
not SPG account information?

if there had not been a merger (and problems) would they ever have noticed
To answer the last question, my best guess is yes it would have been noticed at some point.
GUWonder is offline  
Old Nov 30, 18, 4:34 pm
  #194  
FlyerTalk Evangelist
 
Join Date: Feb 2004
Location: YVR
Programs: AC E75K 2MM former 14-year SE; UA MP Silver; Marriott Bonvoy Lifetime Titanium Elite
Posts: 27,587
I have a headache keeping up with this forum with the daily crappolla from Starriott. Now this. Disappointing all around.
yyznomad is offline  
Old Nov 30, 18, 5:11 pm
  #195  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 79,691
Originally Posted by GUWonder View Post
1 is enough.
One share of common stock under most corporate by-laws is enough to vote in BOD elections, but typically salaries and perks for top executives (and BOD positions) are set by some compensation committee of the BOD. Shareholders generally don't vote directly on the CEO's salary.
MSPeconomist is offline  