It seems to be the season of breaches and hacks. With Marriott reporting its breach on November 30, 2018 and Quora reporting its breach on Dec 7, 2018, it seems that hackers are determined to penetrate systems and grab the personal information of innocent users and use it for their gain!
Marriott data breach:
Here is what we know about Marriott data breach:
- A security incident affected the Starwood guest reservation database
- “Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties (Sheraton Vacation Club, Westin Vacation Club, The Luxury Collection Residence Club, St. Regis Residence Club, and Vistana) are also included” (Reference: https://answers.kroll.com/)
- Marriott bought this group of Starwood group of hotels in 2016
- All guests who stayed at a Starwood property on or before September 10, 2018 may have had their data compromised
- The unauthorized access to the Starwood guest database may have started in 2014
- Information of about 500 million guests may have been compromised
- For about 327 million guests, information such as name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences may have been compromised
- Other information that may have been stolen, include payment card numbers and payment card expiration dates. The payment card numbers were encrypted using the very secure AES-128 bit encryption and yet there is a possibility that they may have been accessed
What is being done?
- Marriott has hence reported the breach to law enforcement
- Marriott has set up a call center in different countries to answer questions regarding the breach
- An email notification has been sent to all the guests in the Starwood reservation database
- Guests and patrons are also requested to enroll in ‘WebWatcher’ a monitoring software that can track emails, SMS, Twitter and more remotely. This is done to track any private information that maybe leaked on any social media sites
- Marriott may pay for new US passports for affected patrons if they can prove that they have been affected by the fraud
What can be done by you?
- Users are always requested to monitor their credit card statements and bank account information for any unusual charges
- Users are also requested change their passwords
- It is also imperative to be alert and look out for fraudulent activity – if anything suspicious is visible, it is necessary to alert local law enforcement immediately
- If patrons think that their US passport may have been compromised then it is necessary for them to apply for a new US passport
Quora data breach:
Question and answer site, ‘Quora’ reported an unauthorized access that affected the personal details of 100 million customers on December 7, 2018.
What was compromised?
- name, email address, encrypted passwords, data linked from other accounts
- upvotes, downvotes, answer requests, questions, answers and more
- Anonymous questions and answers were not affected
What is being done by Quora?
- All users who were supposedly breached, were logged out and were asked to login with a new password
- Security improvements are being promised so that such incidents do not occur in the future
What can you do?
- ‘Quora’ and other passwords must be changed
- It is also essential to make sure that the passwords are not the same for multiple sites
- It is also good to not link sites, so that even if one site gets compromised, hackers will not gain access and other personal information through other sites