Over the weekend, Marriott, one of the world’s largest hotel chains announced a significant breach into their network. Over 500 Million accounts were potentially compromised and the damage could be even worse as the investigation continues.
The source of the breach comes not from Marriott itself but Starwood, the company that was acquired by the chain in 2016. On September 8th, a security tool alerted the chain that they were compromised. After investigating the breach, it was discovered that 500 million accounts mostly from the Starwood chain hotels were hit and compromised over the last 4 years. Most of these accounts had among them, credit card information, emails and perhaps the scariest, passport numbers.
The scope of the breach is much worse because of past actions. Another smaller breach, this one in 2015 before Starwood was bought out, was not fully investigated and thus missed a second potential agent in their systems.1 This recent breach, second only to the Yahoo hack in size, will be extremely costly for the chain. They’ve already announced credit monitoring for their customers. In addition, they will pay for new passports, which at an average price of $110 will not be cheap.2
The hack was a result of an agent in the Starwood’s reservation system. The previous breach while small, could have easily hid a second agent that went undetected for four years. The potential ramifications could lead to larger security issues and even overhauls of identity protection.
As with any potential breach, you need to keep up to date on your security protocols. Never click on factious links or emails that you don’t know. Use dual factor authentication for anything that deals with your identity.
1https://www.forbes.com/sites/thomasbrewster/2018/12/03/revealed-marriotts-500-million-hack-came-after-a-string-of-security-breaches/#bcebfc5546f4
2https://www.marketwatch.com/story/after-massive-hack-marriott-pledges-to-pay-for-new-passports-if-fraud-has-taken-place-2018-12-03