The data of up to 500 million people who have stayed at Starwood Hotels, could have been compromised. Unauthorized access, within the Starwood Network, has been taking place since 2014 according to Marriott.
On Friday, the company said that credit card numbers and expiration of some guests, may have been taken. This means that for approximately 327 million people, their exposure includes some combination of name, mailing address, phone number, date of birth, gender, arrival and departure dates, reservation date and communication preferences. However, for some guests, data was limited mailing and email address.
Marriot have said there was a breach of its database in September, which stored guest information relating to reservations at Starwood properties on or before September 10.
The Starwood chain operates hotels under the following names: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood timeshare properties are also included.
Through investigation, Marriott International Inc discovered that someone not only copied but encrypted guest information and tried to remove it altogether.
Two years ago, Marriott and Starwood were merged, and attempts to combine the two hotels’ loyalty programs have been marred by technical difficulties. CEO Arne Sorenson made a prepared statement on Friday saying that Marriott is still trying to phase out Starwood Systems
Alan Crowetz, WPTVs Internet Security expert with Infostream said that the ‘Scope is amazing’. I almost thought it was a mistake, the scope is so large.
He said that anyone who uses the same password for multiple accounts, will be the most vulnerable. The first thing someone is going to try to do with a database such as this, is try all the known banks, using the passwords and usernames.
He also offered some advice for creating a secure password:
- At least 10 characters
- At least one uppercase letter
- At least one numeral and symbol
Marriott has since set up a website as well as a call center for anyone who suspects they may be at risk, and on Friday said they would begin sending emails to all those affected.
Marriott’s share price saw a 6% drop before the opening bell.