[merged] Marriott's Starwood Hotel reservation database has been hacked

LONDON — The Marriott International hotel chain said on Friday that the database of its Starwood reservation system had been hacked and that the personal details of up to 500 million guests going as far back as 2014 were compromised.

The hotel group, which runs more than 6,700 properties around the world, was informed in September about an attempt to access the database, and an investigation this month revealed that unauthorized access had been made on or before Sept. 10, Marriott said in a statement.

The investigation also found that an “unauthorized party had copied and encrypted information, and took steps toward removing it,” the statement said.

The hotel chain said that personal details including names, addresses, dates of birth, passport numbers, email addresses and phone numbers for hundreds of millions of guests may have been compromised.
 
Affecting reservations database of Starwood hotels. Potentially affecting 50 million guests!
From Wash Post. https://wapo.st/2Rui0CpM
 
The Marriott News Release says "up to 500 million" and that they "deeply regret it". Apparently they acquired this problem from Starwood; nonetheless, you would think these big companies would control things better...

George
 
The Marriott News Release says "up to 500 million" and that they "deeply regret it". Apparently they acquired this problem from Starwood; nonetheless, you would think these big companies would control things better...

George

Cost cutting to boost shareholder profits would be my assessment of why they don’t fund the IT security required to thwart hackers.


Sent from my iPad using Tapatalk Pro
 
According to Wash Post article, the unauthorized access went back to 2014!!!
Astounding :eek:
 
From an article I read this morning.

Marriott-owned Starwood the largest hotel chain in the world, with more than 11 brands covering 1,200 properties, including W Hotels, St. Regis, Sheraton, Westin, Element and more. Starwood branded timeshare properties are also included.

Sent from my SM-N950U using Tapatalk
 
Marriott recently released the information that the Starwood Reservation System has been hacked continuously since 2014 affecting about 500,000,000 Users. It appears that those responsible also Hacked the encryption keys. So data including credit card information was probably compromised.
 
Just what Marriott needs now. I wonder if this is somehow related to the merger integration issues. They had so many systems issues during the merger that could that have somehow made them more vulnerable. I do not think they were ready for the merger and they need new IT people.

Just read the Wall Street Journal article. I guess Marriott is also concerned that people will be blaming the merger.

Marriott said its internal security tool alerted it of a potential breach to its U.S. database on Sept. 8. After an investigation, the company found that the Starwood guest database may have been compromised since 2014, which precedes Marriott’s acquisition of Starwood. The database contained information for guests who made reservations on or before Sept. 10.

The company found the unauthorized party had copied and encrypted information from the database, and had attempted to steal it. However, it wasn’t until Nov. 19 that Marriott was able to decrypt the information to find out what the contents of the breach were.
 
Marriott recently released the information that the Starwood Reservation System has been hacked continuously since 2014 affecting about 500,000,000 Users. It appears that those responsible also Hacked the encryption keys. So no data including credit card information was probably compromised.

I thought that 327 million of those did have data such as cc numbers, passport numbers and dates of reservations compromised.

Edited to say it is not clear. Here is a copy and paste of a comment from Marriott:


For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.
Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers.
 
Some additional information:

The Marriott hack is one of the largest data breaches ever disclosed, measured by the number of individuals potentially affected. Only a 2013 breach of Yahoo that affected three billion people, nearly the entirety of Yahoo’s user base, may be bigger, security experts said.

The compromise of passport information could be the most significant aspect of the Marriott breach, particularly if it was carried out by a state-sponsored actor for intelligence purposes, said Mr. Darche, a former official with National Security Agency.​

“We are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,” Mr. Sorenson said.​
 
Wall Street Journal article says a lot of personal data was potentially accessed:

For roughly two-thirds of the guests who were possibly affected, an unauthorized party may have had access to names, addresses, phone numbers, email addresses, passport numbers and travel details, Marriott said Friday. In some cases, the company said, the information also included payment-card information. Marriott said payment-card numbers are usually encrypted, though it could not rule out that card information was stolen.​
 
Moderator suggestion: There are two active threads on this hack (the second is in the Marriott forum). I suggest the threads be consolidated.

I suggest merging into the Lounge forum, because there are many TUGgers (like myself) who might be affected but are not Marriott Vacation Club owners and don't spend time in the Marriott forum.
 
Moderator suggestion: There are two active threads on this hack (the second is in the Lounge). I suggest the threads be consolidated.

I suggest merging into the Lounge forum, because there are many TUGgers (like myself) who might be affected but are not Marriott Vacation Club owners and don't spend time in the Marriott forum.
 
Moderator suggestion: There are two active threads on this hack (the second is in the Lounge). I suggest the threads be consolidated.

I suggest merging into the Lounge forum, because there are many TUGgers (like myself) who might be affected but are not Marriott Vacation Club owners and don't spend time in the Marriott forum.

There's also a thread in the Vistana forum.
 
Thank you TravelTime for that very helpful article. First TJ Maxx, Target, now Marriott’s. When is it going to stop?
 
The Marriott News Release says "up to 500 million" and that they "deeply regret it". Apparently they acquired this problem from Starwood; nonetheless, you would think these big companies would control things better...

George

But hey, at least they "deeply regret it".


Wouldn't surprise me if it was done by an IT worker who was cut as part of the consolidation.
 
Passport number is yuuuuuge, y'all. I'm sure they "deeply regret" it; the depth of their regret will be proportional to the depths that their stock price sinks today and Monday. Talk about releasing this news on Take Out the Trash day....
 
500 Million Marriott Customers Affected in Massive Data Breach
By Bloomberg/ Business/ Security/ Time/ time.com

"Marriott International Inc. said it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. Marriott shares slumped 5.6 percent in pre-market trading.

The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests, and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.

The Marriott hack may rank only below Yahoo as one of the biggest of personal data, when 3 billion users were exposed to a 2013 security breach.

Regulators and consumers have been stepping up their action against companies that have suffered security breaches as such attacks have increasingly become more severe. Target Corp. last year agreed to pay $18.5 million to settle investigations by dozens of states over a 2013 hack of its database in which the personal information of millions of customers was stolen, while Equifax is facing billion-dollar law suits and a regulatory investigation.

“The breach is so big that the company may face a large fine from the authorities and the market is factoring that in,” said Juan Jose Fernandez Figares, chief analyst at Link Securities in Madrid. “This is yet another company that has been hit by a hacking and a reminder to any company that manages customers’ personal data that they need to work harder to protect them from future attacks.”

Marriott’s statement indicates the hacking was going on years before the company acquired Starwood in a deal valued at about $13.6 billion that closed in September 2016. Marriott’s database contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. For some, it also included payment card details, said Marriott, which didn’t identify who the perpetrators might be....."

Richard
 
Regardless whether you have actively stayed in a SPG related venue, I just checked and my Marriott p.w. is exactly the same as the Starwood one, so when did that occur??? and I think it may be prudent to change passwords (at the very least.) Probably won't stop the real "damage" if there is any, but I've stuck my finger in the dam in any case...
 
But hey, at least they "deeply regret it".


Wouldn't surprise me if it was done by an IT worker who was cut as part of the consolidation.

That person would have had a great crystal ball since the breach began in 2014.
 