Marriott Website: Data Security Glitch
Jul 17, 2013 | 2:23 am
#1
Original Poster
Join Date: Jul 2010
Posts: 319
Marriott Website: Data Security Glitch
Hi All,
I just wanted to check my wife`s MR account and found a data security breach on the Marriott website. I logged out of my account and signed in with her MR number and password. It pulled up her account info with name, MR number, amount of points correctly. But when I went into the account activity, it shows the entire account history of MY account - not my wifes! Even when I change dates, click a bit around... it will stay my account activity info.
Now, not that I have any stays to hide from my wife
but this is a bad leak in my mind. Could be anybody else log into their account at another computer after I logged out and they would see what my account history is.
How should I handle this? Report to Marriott rep on FT? Can anybody reproduce it at their computer? Browser is IE.
Thanks!
I just wanted to check my wife`s MR account and found a data security breach on the Marriott website. I logged out of my account and signed in with her MR number and password. It pulled up her account info with name, MR number, amount of points correctly. But when I went into the account activity, it shows the entire account history of MY account - not my wifes! Even when I change dates, click a bit around... it will stay my account activity info.
Now, not that I have any stays to hide from my wife
but this is a bad leak in my mind. Could be anybody else log into their account at another computer after I logged out and they would see what my account history is.How should I handle this? Report to Marriott rep on FT? Can anybody reproduce it at their computer? Browser is IE.
Thanks!
Jul 17, 2013 | 2:26 am
#2
Suspended
Join Date: Jul 2005
Location: Thailand
Programs: Marriott - P; HH - G; Hyatt - P; Avis - LT First
Posts: 5,023
happened to me all the time..........my IT folks just said don't keep either account in memory and since then this problem doesn't reoccur........
Hi All,
I just wanted to check my wife`s MR account and found a data security breach on the Marriott website. I logged out of my account and signed in with her MR number and password. It pulled up her account info with name, MR number, amount of points correctly. But when I went into the account activity, it shows the entire account history of MY account - not my wifes! Even when I change dates, click a bit around... it will stay my account activity info.
Now, not that I have any stays to hide from my wife but this is a bad leak in my mind. Could be anybody else log into their account at another computer after I logged out and they would see what my account history is.
How should I handle this? Report to Marriott rep on FT? Can anybody reproduce it at their computer? Browser is IE.
Thanks!
I just wanted to check my wife`s MR account and found a data security breach on the Marriott website. I logged out of my account and signed in with her MR number and password. It pulled up her account info with name, MR number, amount of points correctly. But when I went into the account activity, it shows the entire account history of MY account - not my wifes! Even when I change dates, click a bit around... it will stay my account activity info.
Now, not that I have any stays to hide from my wife
but this is a bad leak in my mind. Could be anybody else log into their account at another computer after I logged out and they would see what my account history is.How should I handle this? Report to Marriott rep on FT? Can anybody reproduce it at their computer? Browser is IE.
Thanks!
Jul 17, 2013 | 6:15 am
#3
Join Date: Aug 2004
Location: DCA, EGE, IAD
Programs: MR LTT, BA Gold, AA LTP, UA Silver
Posts: 6,094
Well if you want to chew up a lot of your time, follow-up with Marriott. However, their IT department doesn't care and couldn't code themselves out of a wet paper bag. They have introduced enhancements over the past 3 years that have resulted in a less functional memory hogging web site, that loads slow as molasses in the middle of January, and requires 5 mouse clicks instead of the previous 2 to do the same thing. I have complained multiple times for 2 years about basic navigation functionality that disappeared following their enhancements, to no avail. IT/Marketing cares more about how it looks on the surface and doesn't give a rat's butt (FT automatically puts ... for "a.s" - geez, really?) about the underlying functionality and user experience. JMHO
Jul 17, 2013 | 7:14 am
#4
Join Date: Jan 2009
Location: TUL
Programs: AA EXP 2MM; Marriott Titanium; Hyatt Explorist; MVC Chairman
Posts: 6,181
Jul 17, 2013 | 8:33 am
#5
Original Poster
Join Date: Jul 2010
Posts: 319
This is not about my IE memory cache. I think this is a great example of why all the NSA spying is such a big deal in Europe and nobody in the US cares. It`s different cultures in regards to data protection.
If there was a error rate where you could save 20 cents on a hotel night there would be 100 replies in 5 minutes. But in this case, where Marriott does not protect sensitive account information of millions of customers and let`s strange people see others personal info - nobody gives a .... here!
Amazing.
Who knows what else can be accessed that I as an IT amateur didn`t find our yet...
If there was a error rate where you could save 20 cents on a hotel night there would be 100 replies in 5 minutes. But in this case, where Marriott does not protect sensitive account information of millions of customers and let`s strange people see others personal info - nobody gives a .... here!
Amazing.Who knows what else can be accessed that I as an IT amateur didn`t find our yet...
Jul 17, 2013 | 3:32 pm
#6
Company Representative - Marriott Concierge
Join Date: Aug 2003
Location: Salt Lake City, UT
Posts: 1,083
Hosserunda - I'll be in touch directly to troubleshoot further.
Jul 18, 2013 | 5:32 am
#7
Join Date: Apr 2011
Location: BOS
Programs: Marriott, AAdvantage, United, Club Carlson
Posts: 1,687
Clear the cookie and try again. You're using the same browser.