Marriott Security Breach Affects 500 Million Customers
By Netacea / 04th Dec 2018
The Marriott Security Breach
AKA Data Breach, Information Breach
The Marriott data breach, disclosed on November 30, is the most recent addition to the list of the largest data breaches of all time. The hotel chain has exposed both financial and personal data of up to 500 million customers, which puts it alongside Yahoo! (est. 3 billion records), Adult Friend Finder (est. 400 million) and Myspace (est. 300 million).
As the true extent of the Marriott breach is pieced together, what is known so far is that unauthorised access to the database potentially compromised the names, residential details, gender, email addresses, phone numbers and possibly payment information of about 327 million guests. The payment card data was encrypted, but it is not yet clear whether the keys needed to decrypt it were taken as well; if they were, the encryption offers little protection.
Marriott has suggested that guests who made a reservation at a property in the Starwood Preferred Guest (SPG) loyalty programme on or before 10th September 2018 are likely to have been affected. More alarmingly, the unauthorised access could have been going on for over four years.
An internal security tool alerted the hotel group to an attempt to access the Starwood guest reservation database, where the data is stored. The resulting investigation found that an unauthorised party had access to the Starwood reservation network, and that it had copied and encrypted information and then begun removing it from the network. Encrypting data before exfiltration is a common way to hide its contents from outbound inspection, which is one reason the activity was only linked to the Starwood guest database after investigation.
What Happens After a Security Breach?
Once data is stolen in a breach of this kind, it is typically sold or passed to other criminal groups for further crime such as credit card fraud, identity theft and fake account creation. The availability of this much personal data raises the alarm for account takeover attacks, which rely on stolen or guessed user credentials.
Another avenue, not necessarily the attackers' primary target, is the loyalty programme details of hotel guests: points can usually be exchanged for discounted bookings and free night stays. The Starwood Preferred Guest programme has two main ways to earn rewards, through the loyalty programme itself and through the SPG credit card. Should details of either be confirmed as leaked, it could be an extremely lucrative haul of cash and points; we will need to wait for further details.
Attackers usually obtain credential data through a variety of methods: exploiting vulnerabilities in platforms such as websites and mobile apps, replaying credentials leaked elsewhere on the theory that many people reuse the same or similar passwords across sites (credential stuffing), or compromising an insider within the target organisation to gain access to the network. A full investigation and analysis of the breach is under way and should give better insight into the methods used, the risks to those affected and the consequent remediation. This is an all-too-familiar pattern that puts the spotlight back on credential data.
Preventing a Data Breach
As part of a layered approach to website security, tools such as bot management software can help prevent data breaches and stop account takeover attacks before they succeed, by identifying bots that are using stolen credentials to break into genuine user accounts.
Netacea uses enterprise-scale machine learning and behavioural anomaly detection to build a profile of normal behaviour on your web application, against which potentially malicious behaviour stands out.
By processing millions of data points per minute we can separate obvious bad actors from real visitors quickly and effectively, profiling all visitors and their behaviours against each other. This gives our customers relevant insight into customer behaviour on the application and any deviations from the norm, and provides vital protection from the account takeover threats that follow breaches such as this one.
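The credential-stuffing pattern described in the two sections above (one party replaying leaked usernames and passwords against many accounts, and detection by profiling each visitor against the rest of the population) reduced to a toy. This is an added example written for this article, not Netacea's code or a description of its product; the thresholds, the RFC 5737 documentation addresses and the login log are constructed for illustration. The point it shows is that a failure ratio alone is not enough: a busy legitimate user who mistypes a password and a source address working through a leaked list both fail, and the distinguishing signal is failing across many distinct accounts while everyone else is mostly succeeding.

```python
"""Toy credential-stuffing detector: profile each login source against the
rest of the population.  Example code written for this article; thresholds,
addresses and the login log are constructed, not real Marriott or Netacea data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int          # seconds since the start of the observation window
    src_ip: str
    username: str
    success: bool


# Thresholds are assumptions for this example, not tuned production values.
MIN_ATTEMPTS = 10          # too little traffic to profile below this
MIN_DISTINCT_USERS = 8     # a human rarely signs in to this many accounts
FAIL_RATIO_MULTIPLIER = 3  # flag when a source fails 3x as often as everyone else
ABSOLUTE_FAIL_RATIO = 0.8  # ...or fails almost every attempt, whatever the baseline


def profile_sources(events):
    """Per source IP: attempts, number of distinct usernames tried, failure ratio."""
    raw = defaultdict(lambda: {"attempts": 0, "users": set(), "fails": 0})
    for e in events:
        s = raw[e.src_ip]
        s["attempts"] += 1
        s["users"].add(e.username)
        s["fails"] += 0 if e.success else 1
    return {
        ip: {
            "attempts": s["attempts"],
            "distinct_users": len(s["users"]),
            "fail_ratio": s["fails"] / s["attempts"],
        }
        for ip, s in raw.items()
    }


def population_fail_ratio(events, exclude_ip=None):
    """Failure ratio of the crowd, optionally leaving one source out so a noisy
    attacker does not drag the 'normal' baseline towards its own behaviour."""
    others = [e for e in events if e.src_ip != exclude_ip]
    if not others:
        return 0.0
    return sum(1 for e in others if not e.success) / len(others)


def flag_credential_stuffing(events):
    """Return {src_ip: reason} for sources that deviate from the crowd: many
    distinct accounts tried AND a failure ratio far above the leave-one-out baseline."""
    flagged = {}
    for ip, p in profile_sources(events).items():
        if p["attempts"] < MIN_ATTEMPTS:
            continue
        baseline = population_fail_ratio(events, exclude_ip=ip)
        many_accounts = p["distinct_users"] >= MIN_DISTINCT_USERS
        failing = (p["fail_ratio"] >= ABSOLUTE_FAIL_RATIO
                   or (baseline > 0 and p["fail_ratio"] >= FAIL_RATIO_MULTIPLIER * baseline))
        if many_accounts and failing:
            flagged[ip] = (f"{p['attempts']} attempts across {p['distinct_users']} accounts, "
                           f"fail ratio {p['fail_ratio']:.2f} vs crowd {baseline:.2f}")
    return flagged


def sample_events():
    """Constructed sample login log (RFC 5737 documentation addresses), not real traffic."""
    events = []
    # alice: a busy legitimate user with one mistyped password, always from her own address
    for i in range(12):
        events.append(LoginEvent(i * 20, "198.51.100.10", "alice", success=i != 3))
    # bob and carol: a handful of ordinary logins each
    for i in range(4):
        events.append(LoginEvent(i * 60, "198.51.100.20", "bob", success=True))
        events.append(LoginEvent(i * 60 + 5, "198.51.100.30", "carol", success=i != 0))
    # 203.0.113.7: one address replaying a leaked username/password list; one pair still works
    for i in range(12):
        events.append(LoginEvent(i * 2, "203.0.113.7", f"user{i}@example.com", success=i == 7))
    return events


if __name__ == "__main__":
    for ip, reason in flag_credential_stuffing(sample_events()).items():
        print(f"{ip}: {reason}")
```

Run stand-alone it flags only 203.0.113.7; alice's twelve logins with one failure from a single address are not flagged, because she only ever touches one account. In practice the same statistics would be kept over a sliding time window rather than a whole log, and a per-account view (one username hit from many unrelated addresses) is needed as well, since attackers spread a leaked list across proxy pools precisely to keep each source address under thresholds like these.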