Marriott hack hits 500 million Starwood guests

Status
Not open for further replies.

SeatBackForward

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach.

The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party.

It said an internal investigation found an attacker had been able to access the Starwood network since 2014.

The company said it would notify customers whose records were in the database.

Marriott hack hits 500 million guests

Oh boy...
 
So I have been hacked by both BA and now SPG incidents.
 
I'm surprised SPG had 500 million members.
It's not just SPG, it's the entire Starwood reservations database. I do have to wonder how many of those 500 million are duplicates, but in any case it's an absolutely massive breach.

I wonder if there's ever been a larger breach of passport numbers, that could be a fun mess to clean up.
 
A long letter from SPG today. It begins:

Dear Valued Guest,

Marriott values our guests and understands the importance of protecting your personal information. We have taken measures to investigate and address a data security incident involving the Starwood guest reservation database. The investigation has determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties* on or before September 10, 2018. This notice explains what happened, measures we have taken, and some steps you can take in response.

Starwood Guest Reservation Database Security Incident

On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.

Marriott reported this incident to law enforcement and continues to support their investigation. The company is also notifying regulatory authorities.

etc, etc
 
Is that 1 in 15 of the world population? Every man, woman and child. Maybe they got the decimal places wrong. Or have I?
The 500 million number is certainly what they have been saying. I think that the most likely explanation is that it's 500 million customer records and it's hard to deduplicate many of them which may be the same person staying multiple times who has somehow had multiple records created for them.
 
Luckily all my CC details have expired or been cancelled. Coupled with the frustrating process of merging and issuing of new accounts and numbers - I challenge anyone to make sense of my data.
 
Yeah. I received notifications to two email accounts, so the 500 million could be half that, or less, in terms of actual numbers.

But the last stay I can find by trawling my emails was back in 2010. That probably would have been back in the days of the 'Earth' credit card.

I'm probably thinking there might not be so much of an issue in my case.
 
Betterhalf and myself are both Marriott members.... He has received the email today, I have not. All our bookings with Marriott were done under my account. He hasn't had any bookings in there so had very little info in his account. My last booking was in Sept 2018. I'm wondering if they are sending the emails to the less affected first, aka old bookings, expired CCs, no bookings in their account so no CC details.... I've already changed the passwords on both of these accounts.

Has anyone received this email and has had a Marriott booking in 2018?

My CC hasn't been compromised as I receive immediate alerts when money has been spent on it.
 
My son opened and operated my Starwood account which is back to zero points.
My Marriott Account is the one I use.
 
Betterhalf and myself are both Marriott members.... He has received the email today, I have not. All our bookings with Marriott were done under my account. He hasn't had any bookings in there so had very little info in his account. My last booking was in Sept 2018. I'm wondering if they are sending the emails to the less affected first, aka old bookings, expired CCs, no bookings in their account so no CC details.... I've already changed the passwords on both of these accounts.

Has anyone received this email and has had a Marriott booking in 2018?

My CC hasn't been compromised as I receive immediate alerts when money has been spent on it.
The hack was of the Starwood site so if you only stayed at Marriotts then not affected. Records on Starwood are from 2014.
 
Is anybody going to avail themselves of the free one-year subscription to Identity works?
 
Is anybody going to avail themselves of the free one-year subscription to Identity works?
If anyone has signed up - how much personal information do they ask for? Because I'm not all that keen to hand over more personal information just so they can monitor it...

The best case scenario, in terms of risk of fraud, is that the media reports of it being Chinese military intelligence are correct - in which case there's a much lower risk that this database is going to end up for sale on a dark web site somewhere.
 