"Millions of Guests Impacted in Marriott Data Breach, Again"
Marriott hotels, for the second time in two years, has suffered a significant data breach. This current breach affects approximately 5.2 million of their guests. The attack was carried out by adversaries through a third-party software that Marriott's hotel properties use to provide guest services. The adversaries were able to obtain the login credentials for this third-party software, used by two employees at a franchise property. Once the adversaries gained the login credentials, they were able to access a lot of information about guests. The stolen data includes full contact details of guests (names, mailing addresses, email addresses, and phone numbers), and other personal data like company, gender, and birthdays. The adversaries were also able to obtain guests' account numbers and point balance of the Marriott's loyalty program (not password or PINs), linked airline loyalty programs and numbers, guest preferences such as stay/room preferences, and language preferences. No payment card information, passport information, national IDs, or driver's license numbers were obtained during the breach. The breach began in mid-January and continued for about a month and a half. Once it was discovered, Marriott disabled the compromised logins and started the investigation.
Threatpost reports: "Millions of Guests Impacted in Marriott Data Breach, Again"