Skip to Main Content

Marriott: 500m guest records exposed

Everyone who loves to travel knows how important it is to reserve rooms in advance – otherwise you might be out of luck once you arrive at your destination. The good thing: Nowadays it’s exceedingly easy to book rooms online, no matter for which hotel. The bad news: Since everything is online, the dangers of getting hacked are also pretty high.

Now Marriott’s Starwood guest reservation system was targeted and got hacked. The result: A breached database and the information of 500 Million guests stolen.

500 million Starwood hotel guests’ data exposed

It all started in 2016, when Marriott and Starwood merged. Starwood brought on St. Regis, Westin, Sheraton and W Hotels – and a reservation system that was already breached. Yes, you read that right – hackers apparently have had unauthorized access to the system since 2014.

Since then it seems that around 500 million guests who made a reservation at a Starwood property may have been compromised. There information including names and email addresses was accessed and copied by the cybercriminals. If this seems bad it gets worse: For 237 million users the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

Some guests hit the “jackpot

Hold your horses, we are not yet finished. According to their information site for some, the stolen data also includes payment card numbers and payment card expiration dates. While the information was encrypted via the AES-128 algorithm the hotel chain cannot say for sure whether the two needed decryption components were taken as well.

The hotel chain set up an informational website and a call center supporting several languages to help their guests and answer questions they might have concerning the incident. They should also have started sending out mails to everyone affected.

Smart service warns against data misuse

Here’s a great tip if you’re worried about the above and want to protect yourself: Avira Identity Scanner, a new solution from Avira, warns you if your identity is being misused. To tell you, Avira Identity Scanner scours the visible and invisible internet (Dark Web) specifically looking for your information – including your credit card and account details. If any of your data is being misused, it gives you a warning and tips on what steps you can take to counter data misuse.

This post is also available in: German

PR & Social Media Manager @ Avira |Gamer. Geek. Tech addict.