What happened in the Marriott International data breach?

Twingate Team

May 24, 2024

In November 2018, Marriott International experienced a significant data breach involving unauthorized access to one of its reservation systems. The breach affected the Starwood hotels, including Sheraton, Westin, and Le Meridien. The incident dates back to 2014, and sensitive customer information was compromised. The breach was discovered in September 2018, and Marriott announced it later that year. This event highlights the importance of robust security measures to protect sensitive data and the need for constant vigilance in the face of potential cyber threats.

How many accounts were compromised?

The breach impacted data related to approximately 383 million individuals.

What data was leaked?

The data exposed in the breach included credit card numbers, expiration dates, cardholder names, email addresses, passport numbers, mailing addresses, phone numbers, and reservation details.

How was Marriott International hacked?

Hackers breached Marriott's Starwood reservation system by using a Remote Access Trojan (RAT) and Mimikatz, a tool for sniffing out username/password combinations in system memory, to gain control of an administrator account. The attackers encrypted the data they exfiltrated from the system, which included personal information, credit card details, and passport information dating back to 2014. Marriott's security failings, such as a lack of defense in depth and failure to perform due diligence on Starwood's IT infrastructure before acquiring it, contributed to the breach.
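
The memory-scraping step described above can be hunted for by flagging processes that open the Windows LSASS process, where logon credentials are held, with memory-read access. The following is an added example, not part of the original article or of Marriott's investigation; the events are shaped like Sysmon Event ID 10 (ProcessAccess) records, and the host names, file paths, allowlist and sample events are constructed assumptions.

```python
# PROCESS_VM_READ is the Windows access right needed to read another process's memory.
PROCESS_VM_READ = 0x0010

# Assumed allowlist (hypothetical): software expected to read LSASS on these hosts.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed sample events shaped like Sysmon Event ID 10 (ProcessAccess) records.
LSASS = r"C:\Windows\System32\lsass.exe"
SAMPLE_EVENTS = [
    {"EventID": 10, "Computer": "HOST-A", "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1fffff"},   # allowlisted system process
    {"EventID": 10, "Computer": "HOST-A", "SourceImage": r"C:\Users\Public\upd.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1010"},     # unknown binary, memory read
    {"EventID": 10, "Computer": "HOST-B", "SourceImage": r"C:\Tools\monitor.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1000"},     # query only, no memory read
    {"EventID": 10, "Computer": "HOST-B", "SourceImage": r"C:\Tools\monitor.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 1, "Computer": "HOST-B", "Image": r"C:\Tools\monitor.exe"},  # not ProcessAccess
]


def suspicious_lsass_reads(events, allowed=ALLOWED_SOURCES):
    """Return one alert per non-allowlisted process that opened LSASS with read access."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
            continue
        try:
            access = int(ev.get("GrantedAccess", ""), 16)
        except ValueError:
            access = PROCESS_VM_READ  # unparsable mask: fail closed and review it
        source = ev.get("SourceImage", "")
        if access & PROCESS_VM_READ and source.lower() not in allowed:
            alerts.append({"host": ev.get("Computer"), "source": source,
                           "access": hex(access)})
    return alerts


if __name__ == "__main__":
    for alert in suspicious_lsass_reads(SAMPLE_EVENTS):
        print(alert)
```

On real hosts the allowlist needs tuning, since endpoint protection and backup agents also read LSASS memory.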

Marriott International's solution

In response to the hack, Marriott International took several measures to enhance security and prevent future incidents. Although specific details of the security measures are not available, it is known that Marriott has taken proper steps to improve security since the breach. The company also conducted an investigation into the incident, notified law enforcement, and supported further investigation. While there is no mention of Marriott encouraging customers to change their passwords, the hotel chain has been working to address the security issues and protect customer data.

How do I know if I was affected?

Marriott International reached out to affected users following the breach. If you believe you may have been affected but did not receive a notification, you can visit Have I Been Pwned to check if your credentials were compromised.

What should affected users do?

In general, affected users should:

  1. Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  2. Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  3. Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  4. Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or financial institution.

For more specific help and instructions related to Marriott International's data breach, please contact Marriott International's support directly.

Where can I go to learn more?

If you want to find more information on the Marriott International data breach, check out the following news articles:
