• A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!

Marriott admitted to falsely claim encryption protocols

My main issue with the entire thing is the willful brand / trademark confusion. I really hate that stuff. Like it makes it impossible to trust a brand really, which to my eyes really dilutes the value of a brand in the first place.
 
jp10558 said:
My main issue with the entire thing is the willful brand / trademark confusion. I really hate that stuff. Like it makes it impossible to trust a brand really, which to my eyes really dilutes the value of a brand in the first place.
Click to expand...
Totally Agree. Now this makes me think about the other brands in the Hotel/Timeshare industry.
 
1Kflyerguy said:
Its true these are sperate companies, Marriott, Starwood, and MVC. I think the crossover relevance is that timeshare owners like to travel, and may have been impacted by the breach due to their other travel.

As for the encryption issue, i do wonder if the data did have AES-1 encryption in some of the databases, but also the lower level hash in other others or during transport.
Click to expand...
The whole thing at a technical level confuses me. AES is symmetrical encryption, SHA is a hashing function. They do different things. AES-1 is not even the normal AES from what I can tell from wikipedia, it was superseeded in 1999 by AES-2, and today everyone I know is using AES-256. I don't think SHA1 is a broken hash function either, just that most people recommend SHA256 now due to faster processors.

Hash functions are one way, so getting SHA1 hashes likely doesn't tell you anything as someone else said. AES1 in any recent situation would be considered somewhat weak, but IDK if it's easily breakable without more research.

I guess I should read more if I cared more, but in terms of kibitzing and hot takes - I think this article is confused enough that I can't determine if this is any more than non technical people mistaking the correct term and not actually anything nefarious.
 
billymach4 said:
Totally Agree. Now this makes me think about the other brands in the Hotel/Timeshare industry.
Click to expand...
Maybe you should dig into how Disney has their corporate structure set up and their rides separated from a Legal standpoint. If you're mind is already blown, it'll explode looking at the Disney structure. I think you're smarter than you give yourself credit for and can separate MVC and the hotel brand very easily.
 
billymach4 said:
Totally Agree. Now this makes me think about the other brands in the Hotel/Timeshare industry.
Click to expand...
Yea, they're all franchises now from what I can tell. That said, I'm not against franchises, I usually get about the same at any McDonalds or Arbys or Chilis etc. So far Hilton has been pretty consistent for me too, so I remain a fan.
 
jp10558 said:
Yea, they're all franchises now from what I can tell. That said, I'm not against franchises, I usually get about the same at any McDonalds or Arbys or Chilis etc. So far Hilton has been pretty consistent for me too, so I remain a fan.
Click to expand...

Not quite "all" but a huge huge percentage. In the case of Marriott there are less than 100 properties worldwide that they own & operate.
 
Marriott actively operates or manages about 2,000 properties for the property owner. Then there are properties they own or lease and operate. This is the number that is less than 100. In many cases they may be looking to find a buyer for the property or move it into a REIT. The remaining are all owned and operated by franchisees.
 
So much bad information being thrown about.

Marriott Vacations Worldwide is completely different than Marriott International. I think that 90% of folks on TUG know that.
There were two different Starwood companies: Starwood Hotels got bought by Marriott International, and Starwood Vacation Ownership (which had changed its name to Vistana Signature Experiences) got bought by Interval World, and then Interval World got bought by Marriott Vacations Worldwide.

So in the end, there is the Marriott hotel company (Marriott International) and the Marriott timeshare company (Marriott Vacations Worldwide.) And while they have some contractual relationships (MVW uses MI's brands and their reservations system) the two companies are completely separate financially.

And as complicated as all this is, I do think that 90% of TUG members have at least a general understanding of everything I’ve just stated. It’s kind of funny that someone thinks that because they don’t understand something, nobody else possibly could either.
 
I could care less about the corporate In-Breeding and their respective agreements.
Having been a member here on TUG since 2006 I know all about the Big Fish and the little fish that have been consumed, hatched, grown up, etc.
Hell I even own legacy weeks when Marriott was one big happy family.
I own post legacy weeks with points.

My point is the original post regarding the data breach.

Marriott admits it falsely claimed for five years it was using encryption during 2018 breach

Marriot revealed in a court case around a massive 2018 data breach that it had been using secure hash algorithm 1 and not the much more secure AES-1 encryption as it had earlier maintained.
www.csoonline.com

I appreciate the history.
One more thing. The run of the mill guest and owners outside of TUG have no idea about this detailed history.

Back to my point. Data Breach's and Ransomware attacks they happen daily now.
My PSA is keep your Digital Life safe.
 
Last edited:
daviator said:
So much bad information being thrown about.

Marriott Vacations Worldwide is completely different than Marriott International. I think that 90% of folks on TUG know that.
There were two different Starwood companies: Starwood Hotels got bought by Marriott International, and Starwood Vacation Ownership (which had changed its name to Vistana Signature Experiences) got bought by Interval World, and then Interval World got bought by Marriott Vacations Worldwide.

So in the end, there is the Marriott hotel company (Marriott International) and the Marriott timeshare company (Marriott Vacations Worldwide.) And while they have some contractual relationships (MVW uses MI's brands and their reservations system) the two companies are completely separate financially.

And as complicated as all this is, I do think that 90% of TUG members have at least a general understanding of everything I’ve just stated. It’s kind of funny that someone thinks that because they don’t understand something, nobody else possibly could either.
Click to expand...
How does this affect the outcome of the Data Breach.
 
billymach4 said:
How does this affect the outcome of the Data Breach.
Click to expand...
The outcome was that many people had their data stolen. It was years ago. There have been so many of these that I can’t remember for certain but I think we got free credit monitoring for a period of time. I don’t expect there is going to be any outcome beyond that for most of us.

i absolutely 100% agree with your recommendations on data security. Never reuse passwords, use a password manager with big long complicated passwords that are different for every site, or use passkeys which are supposedly even more secure. I have had my login data stolen in breaches more times than I can count, but (knock on wood) never been victimized using that data, most likely because I have learned to follow the practices you recommend and others.
 
I have nightmares about Ransomware, Identity Theft, Scams of all sorts.
It's out of control.

As you can tell I am more than obsessed about this topic.
 
billymach4 said:
I have nightmares about Ransomware, Identity Theft, Scams of all sorts.
It's out of control.

As you can tell I am more than obsessed about this topic.
Click to expand...
The most important thing you can do is have different passwords for every website and account you have out there. Never use the same password for a financial account anywhere else.
 
daviator said:
So much bad information being thrown about.
Click to expand...
Are you referring to the article? If in this thread, I don't see it. Other than the lack of context in the original post, it seems most people are stating what you also stated. I mentioned the Starwood tie in and it being on the hotel side and not vacaion ownership.
 
Since we are on the subject, the most important password you have (and the one that should be the longest/most difficult and changed the most frequently) is your email password. If someone gets into your email, they can reset all your other passwords since typically the password reset email is all you need to do that. Your cell phone is equally important since many sites text you a code for 2FA.
 
You must log in or register to reply here.
Top