Marriott/Starwood Hacked - 500 million accounts compromised.

Valued Contributor

Marriott/Starwood Hacked - 500 million accounts compromised.

Breaking from CNN this morning https://www.cnn.com/2018/11/30/tech/marriott-hotels-hacked/index.html

 

I know a lot of you guys have the SPG card, read the article and check your stuff. 

 

That's a huge data breach, and it apparently dates back all the way to 2014.



(▀̿Ĺ̯▀̿ ̿) (⌐▀͡ ̯ʖ▀)
Senior Contributor

HUGE SPG hack 500 million people

If Marriott didn't have enough problems with this merger, it just got worse.

 

It appears SPG was exposed since 2014........Wow!


Personal Cards: Amex Plat | Amex Delta Res | Amex Hilton | CSR | Citi AA Exec Business Cards: Ink+ | Amex BGR
Message 2 of 15
Moderator

Re: Marriott/Starwood Hacked - 500 million accounts compromised.

Yep, just saw this, calling @K-in-Boston ..

 

 

Message 3 of 15
Valued Contributor

Re: Marriott/Starwood Hacked - 500 million accounts compromised.

 

Not good for SPG/Marriott PR, that's for sure.

 

Also not like all of my potentially breached data (except CC numbers) wasn't already out there anyway, and even that's Chase's problem now.

Message 4 of 15
Super Contributor

Re: Marriott/Starwood Hacked - 500 million accounts compromised.

500 million? Can you imagine the lawyers salivating at the size of that class action?


Message 5 of 15
Valued Contributor

Re: Marriott/Starwood Hacked - 500 million accounts compromised.

What really bothers me, even though I shouldn't be in this breach since I've never used Marriott/Starwood related services, is that this is the first data breach I have yet seen to flat out say they can't guarantee that CC information wasn't taken.

 

They said they don't know if that information was compromised, which is scary. I've never seen a victim claim anything but "financial information remained secure, etc."

 

 



(▀̿Ĺ̯▀̿ ̿) (⌐▀͡ ̯ʖ▀)
Message 6 of 15
Moderator

Re: Marriott/Starwood Hacked - 500 million accounts compromised.


@iced wrote:

 

Also not like all of my potentially breached data (except CC numbers) wasn't already out there anyway, and even that's Chase's problem now.


It's sad to say, but at this point I'm just kind of "yeah, whatever" when it comes to this stuff now.  Since it was only the Starwood side, they don't have much more info than my name, DOB, address, primary email address, and potentially my SPG card number.  Most of that's public information anyway, and I'm not at all worried about any fraudulent transactions on an Amex card since I'm confident with their track record on my Gold Card over the years that Amex will likely call me before I'm even aware of the transactions.

 

Also a big shout out to BBC News for waking me up 5 minutes before my alarm went off this morning with the push notification on this story!

Message 7 of 15
Valued Contributor

Re: Marriott/Starwood Hacked - 500 million accounts compromised.


@K-in-Boston wrote:

@iced wrote:

 

Also not like all of my potentially breached data (except CC numbers) wasn't already out there anyway, and even that's Chase's problem now.


It's sad to say, but at this point I'm just kind of "yeah, whatever" when it comes to this stuff now.  Since it was only the Starwood side, they don't have much more info than my name, DOB, address, primary email address, and potentially my SPG card number.  Most of that's public information anyway, and I'm not at all worried about any fraudulent transactions on an Amex card since I'm confident with their track record on my Gold Card over the years that Amex will likely call me before I'm even aware of the transactions.

 

Also a big shout out to BBC News for waking me up 5 minutes before my alarm went off this morning with the push notification on this story!


That may be true for savvy folks like you or me, the so-called Steven Seagal because of the Domino's thing, but my fear is for those folks who don't realize, who don't constantly monitor, who may not know what to look for.

 

Then one day blammo, 10 grand in unauthorized charges across multiple accounts, too late to do much about it, etc.  Those are the people I was thinking of when I said it was scary.



(▀̿Ĺ̯▀̿ ̿) (⌐▀͡ ̯ʖ▀)
Message 8 of 15
Valued Contributor

Re: Marriott/Starwood Hacked - 500 million accounts compromised.


@TheCreditGame wrote:

What really bothers me, even though I shouldn't be in this breach since I've never used Marriott/Starwood related services, is that this is the first data breach I have yet seen to flat out say they can't guarantee that CC information wasn't taken.

 

They said they don't know if that information was compromised, which is scary. I've never seen a victim claim anything but "financial information remained secure, etc."

 

 


Including card data in the breach was (probably) a CYA move because assessing the exact extent of damage or data loss on compromised systems is impossible unless the intruders were sloppy amateur-hour script kiddies. Rootkits have gotten very sophisticated over the years, and it's often impossible to say for certain what data has been or has not been pulled off a system. At that point, the only sound assumption is that all data on the system is tainted or leaked. If you can't prove only X and Y data was breached, you have to CYA and say it was all breached. Game over.

 

The reason some breaches are able to say PCI data was or was not taken is because that data is usually segregated on entirely different systems and networks for regulatory reasons. The amount of due diligence required to certify that PCI- or HIPAA-protected data is secure is much higher (and more expensive and inconvenient) than general personal information such as names, addresses, and phone numbers. It sounds like in this case, either the systems hosting PCI data were the ones compromised or there was evidence that the intruders accessed/communicated with the PCI systems. If I can't prove what data was exchanged between systems, and I know one system trusts the other, I'm back to the above - I have to assume both systems were at risk.

 

Message 9 of 15
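The scoping rule described in the reply above (an unprovable exchange over a trust link puts both systems in scope), worked through as an added example that is not part of the original thread. Host names, data classes and links are constructed for illustration, and a link with a complete, trustworthy exchange record is assumed to have been reviewed and cleared.

```python
from collections import deque

# Constructed inventory: host -> data classes it stores (all names hypothetical).
HOSTS = {
    "reservations-db": {"name", "address", "email", "dob"},
    "loyalty-app": {"name", "email"},
    "card-vault": {"card_number"},
    "hr-portal": {"employee_records"},
}

# Constructed trust links: (host_a, host_b, exchange_provable).
# exchange_provable is True only when complete, trustworthy records show
# exactly what crossed the link during the intrusion window.
LINKS = [
    ("reservations-db", "loyalty-app", False),
    ("reservations-db", "card-vault", False),
    ("loyalty-app", "hr-portal", True),
]


def presumed_scope(confirmed, links):
    """Hosts that must be treated as compromised: the confirmed ones plus
    every host reachable over a trust link whose traffic cannot be proven."""
    neighbours = {}
    for a, b, provable in links:
        if not provable:  # an unprovable link taints both ends
            neighbours.setdefault(a, set()).add(b)
            neighbours.setdefault(b, set()).add(a)
    scope, queue = set(confirmed), deque(confirmed)
    while queue:
        host = queue.popleft()
        for peer in neighbours.get(host, ()):
            if peer not in scope:
                scope.add(peer)
                queue.append(peer)
    return scope


def data_to_disclose(confirmed, links, hosts):
    """Data classes that have to be reported as potentially exposed."""
    exposed = set()
    for host in presumed_scope(confirmed, links):
        exposed |= hosts[host]
    return exposed


if __name__ == "__main__":
    print(sorted(presumed_scope({"reservations-db"}, LINKS)))
    print(sorted(data_to_disclose({"reservations-db"}, LINKS, HOSTS)))
```

Marking the `card-vault` link as provable drops `card_number` from the result, which is the segregated case where a breach notice can state that card data was not taken.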
Moderator Emeritus

Re: Marriott/Starwood Hacked - 500 million accounts compromised.


@kilroy8 wrote:

500 million? Can you imagine the lawyers salivating at the size of that class action?


On a data breach?

 

There are plenty of reasons for class action, but I don't think this qualifies at least under current US law?  Actually I don't think it would even on the EU's GDPR.




        
Message 10 of 15