• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

New Marriott data breach impacts 5.2 million guests

by Cyber360 News
April 1, 2020
in Data Breach
0
New Marriott data breach impacts 5.2 million guests
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Previously burned by a hack of its Starwood reservations system, Marriott International on Tuesday disclosed another major data breach, this one affecting 5.2 million of its guests.

According to the Bethesda, Md.-based hospitality giant, the source of the breach was an application that its hotels use to provide guests with various services. Marriott did not name the specific app.

Affected information includes guests’ names, mailing addresses, email addresses, phone numbers, loyalty account numbers and point balances, employers, genders, birthdays (day and month only), airline loyalty program information, and hotel preferences such as room and language selections. There is currently no evidence that Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers were compromised, the company said in an online notification.

“The kinds of information disclosed in the latest Marriott breach might seem innocuous, but it is precisely this kind of intelligence that enables threat actors to better target attacks on consumers. Simply: the more I know about you, the better chance I have of fooling you,” said Gerrit Lansing, field CTO, at Stealthbits.

Marriott said it discovered the breach in late February 2020, after determining that an unauthorized party had been accessing guest information since mid-January, using the stolen app login credentials of two franchise property employees.

“Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests,” said Marriott’s breach disclosure, which was supplemented by notification emails sent to affected guests.

“Breaches that use valid credentials can be harder to detect because the attack looks like a valid login,” said Tim Erlin, VP of product management and strategy at Tripwire, in reaction to the incident. “In these cases, organizations often have to look at what changes that attacker is making as they carry out their objective in order to detect the malicious activity.”

In response to the incident, Marriott has established a self-service portal for customers to see if they are affected, and also set up a series of call centers. Affected guests are eligible for one free year’s enrollment in a personal information monitoring service. Additionally, impacted Marriott Bonvoy members have had their passwords changed and their multi-factor authentication enabled.

Marriott customers must now be wary of their information being leveraged by cybercriminals. “End users want to make sure they continue to be vigilant when it comes to spear phishing or targeted emails about their accounts, as criminals will mix this in with the COVID-19 scam emails that are in circulation,” said James McQuiggan, security awareness advocate at KnowBe4. “By staying vigilant against the COVID-19 emails, people may drop their guard when they see a data breach email scam informing them to change their account password and unknowingly click a link or open an attachment.”

Kelly White, CEO at RiskRecon, criticized Marriott for the data loss incident. “This breach reflects a lack of doing the basics well, specifically two-factor authentication and user account activity monitoring,” said White. “Either of these would have either prevented the breach by increasing the difficulty of stealing the credentials or by dramatically decreasing the scope of compromise. One would think that a franchise account looking up 5.2 million customer accounts was anomalous behavior.”

On Nov. 30, 2018, Marriott disclosed that its Starwood Hotel brand had suffered a years-long breach that affected 500 million individuals entered into the Starwood reservations system. The number of victims was eventually reduced to 383 million, and the incident, which actually began prior to Marriott’s 2016 acquisition of Starwood, was later reportedly attributed to Chinese state hackers.

Cyber360 News

Cyber360 News

Next Post
Kali NetHunter Updates

Kali NetHunter Updates

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In