/

Marriott Data Breach: What & How It Happened?

Marriott Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2018, Marriott experienced a significant data breach that had been ongoing since 2014. The incident involved unauthorized access to one of Marriott's systems, compromising a large number of customer records. This cybersecurity breach led to financial penalties and damage to Marriott's reputation.

How many accounts were compromised?

The breach impacted data related to approximately 400 million individuals.

What data was leaked?

The data exposed in the breach included credit card details, passport numbers, and birthdates of guests, as well as other personal information and guest reservation details.

How was Marriott hacked?

Hackers compromised Marriott's reservation system, gaining access to sensitive guest information. The exact methods remain unclear, but it is speculated that they used a Remote Access Trojan (RAT) and MimiKatz, a tool for sniffing out username/password combos in system memory. The breach was discovered in 2018, but the attackers had been in the system since 2014, maintaining access without detection for four years.

Marriott's solution

In response to the hack, Marriott took several measures to secure its platform and prevent future incidents. While specific enhanced security measures remain unclear, Marriott conducted an internal investigation to uncover the extent of the breach and the methods used by the attackers. The company also announced the breach and informed affected customers about the stolen data, which included personal information and payment card details.

How do I know if I was affected?

Marriott reached out to affected customers to inform them about the breach. If you're a Marriott customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity. If you notice anything unusual, report it to the appropriate platform or financial institution immediately.

For more specific help and instructions related to Marriott's data breach, please contact Marriott's support directly.

Where can I go to learn more?

If you want to find more information on the Marriott data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Marriott Data Breach: What & How It Happened?

Marriott Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2018, Marriott experienced a significant data breach that had been ongoing since 2014. The incident involved unauthorized access to one of Marriott's systems, compromising a large number of customer records. This cybersecurity breach led to financial penalties and damage to Marriott's reputation.

How many accounts were compromised?

The breach impacted data related to approximately 400 million individuals.

What data was leaked?

The data exposed in the breach included credit card details, passport numbers, and birthdates of guests, as well as other personal information and guest reservation details.

How was Marriott hacked?

Hackers compromised Marriott's reservation system, gaining access to sensitive guest information. The exact methods remain unclear, but it is speculated that they used a Remote Access Trojan (RAT) and MimiKatz, a tool for sniffing out username/password combos in system memory. The breach was discovered in 2018, but the attackers had been in the system since 2014, maintaining access without detection for four years.

Marriott's solution

In response to the hack, Marriott took several measures to secure its platform and prevent future incidents. While specific enhanced security measures remain unclear, Marriott conducted an internal investigation to uncover the extent of the breach and the methods used by the attackers. The company also announced the breach and informed affected customers about the stolen data, which included personal information and payment card details.

How do I know if I was affected?

Marriott reached out to affected customers to inform them about the breach. If you're a Marriott customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity. If you notice anything unusual, report it to the appropriate platform or financial institution immediately.

For more specific help and instructions related to Marriott's data breach, please contact Marriott's support directly.

Where can I go to learn more?

If you want to find more information on the Marriott data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Marriott Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In November 2018, Marriott experienced a significant data breach that had been ongoing since 2014. The incident involved unauthorized access to one of Marriott's systems, compromising a large number of customer records. This cybersecurity breach led to financial penalties and damage to Marriott's reputation.

How many accounts were compromised?

The breach impacted data related to approximately 400 million individuals.

What data was leaked?

The data exposed in the breach included credit card details, passport numbers, and birthdates of guests, as well as other personal information and guest reservation details.

How was Marriott hacked?

Hackers compromised Marriott's reservation system, gaining access to sensitive guest information. The exact methods remain unclear, but it is speculated that they used a Remote Access Trojan (RAT) and MimiKatz, a tool for sniffing out username/password combos in system memory. The breach was discovered in 2018, but the attackers had been in the system since 2014, maintaining access without detection for four years.

Marriott's solution

In response to the hack, Marriott took several measures to secure its platform and prevent future incidents. While specific enhanced security measures remain unclear, Marriott conducted an internal investigation to uncover the extent of the breach and the methods used by the attackers. The company also announced the breach and informed affected customers about the stolen data, which included personal information and payment card details.

How do I know if I was affected?

Marriott reached out to affected customers to inform them about the breach. If you're a Marriott customer and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity. If you notice anything unusual, report it to the appropriate platform or financial institution immediately.

For more specific help and instructions related to Marriott's data breach, please contact Marriott's support directly.

Where can I go to learn more?

If you want to find more information on the Marriott data breach, check out the following news articles: