The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised the guest reservation database of its subsidiary Starwood Hotels and walked away with personal details of about 500 million guests.
Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels.
The incident is believed to be one of the largest data breaches in history, behind the 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen.
The breach of Starwood properties has been ongoing since 2014, after an “unauthorised party” managed to gain unauthorised access to Starwood’s guest reservation database and copied and encrypted the information.
Marriott discovered the breach on September 8 this year after it received an alert from an internal security tool “regarding an attempt to access the Starwood guest reservation database in the United States.”
On November 19, the investigation into the incident revealed that there was unauthorised access to the database, which contained “guest information relating to reservations at Starwood properties on or before September 10, 2018.”
The stolen hotel database contains sensitive personal information of nearly 327 million guests, including their names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, arrival and departure information, reservation date, and communication preferences.
What’s worrisome? For some users, the stolen data also includes payment card numbers and payment card expiration dates.