Marriott hacked - 500 million visitors info exposed

[Mook]

https://www.cnn.com/2018/11/30/tech/marriott-hotels-hacked/

New York (CNN Business)Marriott says its guest reservation system has been hacked, potentially exposing the personal information of approximately 500 million guests.

The hotel chain said Friday the hack affects its Starwood reservation database, a group of hotels it bought in 2016 that includes the St. Regis, Westin, Sheraton and W Hotels.

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.

Click to read more...

 

[Mook]

Seems to me, access to your passport ID is a pretty big problem.

 

[Yaj Yak]

marriott would ask for passport ID to reserve a room?

 

[Mook]

Probably more for international customers? They're global so

 

[Mook]

[MENTION=270]The Italian[/MENTION] works for hotels.

 

[Yaj Yak]

good point.

either way, fucked.

 

[LikeABauce302]

Great. I've stayed at Marriott hotels a ton over the last 2 years.

 

[Mr_Roboto]

Welp waiting for a new CC.

 

[Mr_Roboto]

And had to ask someone. My company doesn't do their res. Bullet fucking dodged.

 

[Yaj Yak]

almost like nowadays, it's not IF you're info will be exposed, but moreover, when.

 

[LikeABauce302]

Over the last year, I've had my credit card number stolen 2 or 3 times. I wonder if it's related. I use the card daily, so it could have happened anywhere though.

 

[Mr_Roboto]

almost like nowadays, it's not IF you're info will be exposed, but moreover, when.

A lot of modern security systems rely on tracking data leakage as well as the breech its self; In an odd way it's probably easier to track data leakage because there is typically more of it and it doesn't matter what they use to do the hacking.

 

[radioguy6]

I'm guessing if you stayed at a Marriott hotel outside the US they'd have your passport number. This not good.

 

[Yaj Yak]

I mean, ive stayed at hotels outside of the US and i dont think they need/should get my passport information frankly.

 

[Lord Tin Foilhat]

Companies should NEVER permanently save card details IMO. And if they do....SALTED HASH!!!!!

personally, i avoid saving my credit/debit card information on any service if possible. Yeah its a pain typing in the card or your bank account when buying/making payments BUT it can protect you from companies mishandling your data.

 

[Mr_Roboto]

Companies should NEVER permanently save card details IMO. And if they do....SALTED HASH!!!!!

personally, i avoid saving my credit/debit card information on any service if possible. Yeah its a pain typing in the card or your bank account when buying/making payments BUT it can protect you from companies mishandling your data.

I wish "one shot" CC #s would take off. A browser API of some kind where you'd enter your auth and it would fill the details in automatically would be great. Obviously 2 factor.

 

[Lord Tin Foilhat]

I wish "one shot" CC #s would take off. A browser API of some kind where you'd enter your auth and it would fill the details in automatically would be great. Obviously 2 factor.

Some companies do that, but a majority don't. I agree. Randomly generated 1 time use virtual CCs would be nice

 

[sickmint79]

Seems to me, access to your passport ID is a pretty big problem.

i don't think that's likely to be a problem. if someone physically stole your passport though, that's definitely a problem.

 

[wombat]

almost like nowadays, it's not IF you're info will be exposed, but moreover, when.

Been like that for a long time now. Ever since customer data started to be collected, actually. There are only two types of companies out there: One that know they've been hacked, and one that doesn't.

 

[ChrisRac]

It should be noted the hacks go all the way back to 2014 and, as far as I’ve read, don’t affect Marriott guests. Just Starwood guests.

I’ve never asked for a passport to make a reservation. And if a guest uses one as an ID during the check-in process, no information from it is recorded on the res. We just verify names match.

At least in the US. Don’t know what the process is for other countries.

 

[Blood on Blood]

Fucking cock knocks

 

[frank]

When I go to Cancun or playa del Carmen Mexico when I check into the hotel they always make a copy of passport for security reasons.