Marriott's guest reservation system hacked

Marriott says the hack affects its Starwood reservation database, potentially exposing the personal information of approximately 500 million guests.

Posted: Dec 1, 2018 3:26 PM
Updated: Dec 1, 2018 3:56 PM

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massive data breach that potentially exposed the personal data of about 500 million guests.

Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.

It's the second biggest corporate data breach in history, behind one involving Yahoo, which said last year that 3 billion accounts among several of its brands were compromised.

Marriott said it will start emailing users who were impacted and it has set up a website with information about the breach.

In the meantime, here's what you can do to protect yourself:

Change your password

Marriott says guests should change their passwords regularly and pick ones that aren't easily guessed. For example, instead of a common phrase, choose a combination of four or more unrelated words with numbers, characters and a mix of upper and lower-case letters.

You should also have different passwords for all the services you use.

"Changing your password will just add one more roadblock to a potential hacker getting into your system," said Aaron Brantly, a cybersecurity expert at Virginia Tech.

Many websites, including social media and financial accounts, offer two-factor authentication for an added layer of security. Even if someone obtains your password, you can't access your accounts without a second piece of information, like a code texted to your phone.

Monitor your accounts for suspicious activity

Marriott recommends customers keep an eye on their Starwood Preferred Guest account for any suspicious activity. Guests should also check their bank, retirement, and brokerage accounts, as well as credit card statements to look for any unauthorized transactions.

Some experts recommend signing up for credit monitoring services or identity theft protection. A more extreme step is putting a freeze on your credit, which blocks anyone from accessing your credit reports without permission.

"Unfortunately, the reality is [these consumers] have to monitor continuously, for generally the rest of their lives," said Brantly. "These types of accounts are sold regularly on the dark web. ... You can usually buy credit card information for a couple dollars per credit card online."

Vivek Lakshman, VP of innovation at cybersecurity firm ThumbSignIn, says consumers can also enroll in services like WebWatcher -- which Marriott is providing for free for a year -- to track their exposure. These sites monitor websites where personal information is shared and alerts consumers if there's evidence of their information is exposed online.

Open a separate credit card for online transactions

Yair Levy, a cybersecurity and information systems expert at Nova Southeastern University, recommends having a credit card dedicated to online shopping. This makes it easier to track transactions and spot fraudulent activity.

If that credit card is compromised, you also won't have to update automatic payments for things like bills.

Limit the information you share

Experts say not to provide information unless it's absolutely required to buy a product or service.

"Consumers should limit what they provide companies based on their need to know. Often, companies gather data that they may not need, but take if volunteered," said Marty Puranik, the CEO of Atlantic.Net, a cloud computing and hosting services provider.

For example, a travel company may ask for passport information, but it may not be required. If it is, you can ask what other forms of identification you can provide instead.

"If you give lower level information, or information that can be changed -- for example, a second credit card to verify your identity -- it is easier to change and protect that then a social security number or passport ID," he said.

But this isn't always possible. If you are traveling internationally, a company like Marriott may require a passport number.

Avoid saving credit card information on websites

Experts recommend minimizing the number of places where you store credit card information. However, this doesn't mean your data will be safe or protected -- it just helps cut down on the risk.

Another option is to use services such as PayPal, Google Pay, or Apple Pay, which let you pay for goods and services without divulging your credit card to the company you're buying from.

Be vigilant

Consumers should work under the assumption cyber criminals already have access to their information as breaches become increasingly common.

"Having a very healthy dose of skepticism moving forward is probably the best way to safeguard yourself in an era where all your information has been divulged, unfortunately," said Brantly.

Experts caution internet users to be wary of "phishing" attempts by bad actors looking to steal your data, including through bogus emails, fake links and fraudulent websites. On its informational website about the hack, Marriott reminded members the company will not ask you to provide your password by phone or email.

"Know you are consistently being exposed [and] consistently under threat -- not necessarily through any fault of your own but accidental disclosures by companies or carelessness by companies. It requires us in the modern era to be vigilant consistently," said Brantly.

Huntsville
Clear
73° wxIcon
Hi: 91° Lo: 71°
Feels Like: 73°
Florence
Clear
73° wxIcon
Hi: 97° Lo: 73°
Feels Like: 73°
Fayetteville
Clear
70° wxIcon
Hi: 92° Lo: 71°
Feels Like: 70°
Decatur
Clear
70° wxIcon
Hi: 94° Lo: 71°
Feels Like: 70°
Scottsboro
Broken Clouds
70° wxIcon
Hi: 91° Lo: 71°
Feels Like: 70°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 94827

Reported Deaths: 1674
CountyConfirmedDeaths
Jefferson12743242
Mobile9565206
Montgomery6521148
Madison525030
Tuscaloosa410371
Unassigned347461
Baldwin344323
Shelby320133
Marshall309034
Lee262844
Morgan233017
Etowah207530
DeKalb177113
Calhoun170413
Elmore169438
Walker150264
Houston136412
Russell13422
Dallas131123
St. Clair131016
Limestone128413
Franklin125820
Cullman120112
Colbert115613
Lauderdale113917
Autauga106521
Escambia105416
Talladega98613
Jackson9454
Tallapoosa84979
Chambers83538
Dale82323
Blount7743
Chilton7676
Butler75935
Coffee7475
Covington72620
Pike6907
Barbour5695
Lowndes56724
Marion56724
Marengo54614
Clarke4969
Hale46726
Bullock45411
Winston44411
Perry4364
Wilcox41810
Bibb4164
Monroe4154
Randolph39410
Pickens3849
Conecuh38210
Sumter36218
Lawrence3441
Macon33213
Washington32712
Crenshaw3133
Choctaw27912
Cherokee2637
Geneva2550
Henry2523
Greene25011
Clay2495
Lamar2172
Fayette1985
Cleburne1251
Coosa1012
Out of AL00

Tennessee Coronavirus Cases

Confirmed Cases: 118782

Reported Deaths: 1206
CountyConfirmedDeaths
Shelby22635302
Davidson20185212
Rutherford640453
Hamilton597052
Knox440737
Williamson344825
Sumner336573
Unassigned30809
Out of TN284216
Wilson222923
Montgomery188313
Bradley187412
Sevier18307
Putnam171717
Trousdale15826
Robertson152119
Hamblen137214
Blount124310
Washington12002
Tipton11839
Maury11787
Madison102417
Sullivan93312
Bedford90811
Hardeman87517
Macon85613
Lake7820
Loudon7183
Bledsoe6901
Fayette6708
Gibson6705
Anderson6686
Dickson6662
Dyer6197
Cheatham5737
Jefferson5523
Henderson5472
Lawrence5346
McMinn52420
Rhea5221
Obion5194
Coffee5073
Warren4984
Carter4976
Lauderdale4878
Haywood4576
Hardin4538
Cocke4502
Greene4477
Smith4464
Hawkins4357
Roane4332
Cumberland4126
Monroe4079
Weakley3974
Giles36913
McNairy3665
DeKalb3392
Franklin3134
Carroll2903
Marshall2833
Lincoln2761
White2735
Henry2660
Crockett2604
Johnson2580
Claiborne2550
Hickman2530
Campbell2391
Wayne2252
Marion2164
Chester2112
Decatur1983
Polk1953
Grainger1940
Overton1751
Unicoi1560
Union1500
Cannon1420
Benton1391
Humphreys1203
Jackson1181
Scott1180
Grundy1112
Morgan1031
Sequatchie1020
Meigs1010
Fentress880
Hancock781
Perry770
Clay740
Stewart730
Lewis711
Moore600
Houston570
Van Buren350
Pickett311

Community Events