Connect with us

Data Breaches Hacker News

Guest Records of 500 Million Starwood Guests Stolen in Huge Data Breach

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Data Breaches

77 Million Nitro PDF Records Compromised

Data Breaches

Solarwinds Hackers Achieve End Goal of Acquiring High-Profile Government Targets

Data Breaches

British Airliner EasyJet Victim of Cyber Attack - 9 Million Records Exposed

Data Breaches

Massive Data Breach of Panama Citizens

Data Breaches

Outlook Breach More Expansive than Previously Thought

Data Breaches

Second Toyota Security Breach puts 3.1 Million Consumers at Risk

Data Breaches Hacker News

Korean Crypto Exchange BitHumb Loses $19 Million to Hackers

Data Breaches Hacker News

Major Aluminum Manufacturer Hit With Cyber Attack Stopping Worldwide Production

Data Breaches

Guest Records of 500 Million Starwood Guests Stolen in Huge Data Breach

Published

5 years ago

on

Guest-Records-of-500-Million-Starwood-Guests-Stolen-in-Huge-Data-Breach

Marriot hotel, the world’s biggest hotel chain, reported today that hackers have compromised a guest reservation database of its Starwood division and around 500 million guest records have been stolen. The identity of the hackers is yet unknown.

Marriott International bought Starwood Hotels and Resorts Worldwide for $13 billion in 2016. Some major hotel brands fall under the umbrella including St Regis, W Hotels, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Aloft Hotels, and more.

With 500 million guest records stolen, the data breach has made history as the second largest data breach ever seen, number one being Yahoo’s 2016 hacking that resulted in 3 billion user accounts being stolen.

It is thought that the data breach on Starwood began in 2014 when an unknown hacker managed to gain access to the guest reservation database and copied and encrypted the information.

Marriott International first became aware of the breach in September this year when their security system alerted them of an outside attempt to access the database.

Marriott launched an investigation and in November concluded that unauthorized access to the database had been occurring for some time.

It is estimated that sensitive personal information of 327 million guests has been stolen. This information includes their names, addresses, email addresses, phone numbers, passport numbers, dates of birth, genders, arrival and departure information, reservation date and communication preferences.

Marriott has confirmed that payment data has not been stolen because “the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).”

However, it is possible that payment data has been stolen. The hackers would simply need two separate components to decrypt the card numbers and payment information, so Marriot hasn’t been able to rule out the possibility that this has occurred.

Marriott has said that they have begun the process of notifying affected customers of the breach.

Because of the GDPR data protection regulation which came into force this year in the EU, Marriott could face a maximum fine of 17 million.

Related Topics:

Technology Enthusiast with a keen eye on the Cyberspace, Entrepreneur, Ethical Hacker

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *