cageymaru

Fully [H]
Joined
Apr 10, 2003
Messages
22,061
Marriott International has provided an update to the "Starwood" data breach that was initially thought to have affected 500 million of its customers. After "working closely with its internal and external forensics and analytics investigation team" Marriott was able to determine that the number of customers affected is likely to be less than 383 million! The actual number affected is likely less than that as some guests seem to have multiple entries in the database.

Marriott failed to encrypt 5.25 million customer passport numbers that the hackers pilfered, but the other 20.3 million passports were encrypted. Marriott International is confident that the hackers, who are thought to be Chinese government agents, won't be able to decode the files because they would need access to the master encryption key. Marriott says credit card information was encrypted, but some credit card information seems to have been entered in the wrong areas on forms in plain text. This erroneous information lacks encryption, but it only affects less than 2,000 customers. If the company figures out it is indeed credit card information, then steps will be taken to protect the affected customers. Marriott has discontinued the Starwood database and has transitioned all reservations to the Marriott system.

"We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened," said Arne Sorenson, Marriott's President and Chief Executive Officer. "As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott."
 
Marriott International is confident that the hackers, who are thought to be Chinese government agents, won't be able to decode the files because they would need access to the master encryption key


you mean the same people who were able to fly under the radar during another security probe, what 2 years ago? and remain on your network gathering all sorts of info..
 
Hacking we hear about is only the tip of iceberg. Assume your information has been compromised multiple times. At minimum report your debit cards lost annually. Keep at least a months worth of cash at home.

Xcept the passport numbers this would be Redundant data after the experian hack. Our modern identity and credit system is headed for a total collapse. It will take our debt fueled lives with it.
 
It's not hard to encrypt information. The systems being used wouldn't notice the extra work required to encrypt the information. Why not just encrypt everything by default? (Of course, you have to safeguard your key...can't say I have faith in most companies to do that.)
 
Hacking we hear about is only the tip of iceberg. Assume your information has been compromised multiple times. At minimum report your debit cards lost annually.
Wonder why we don't just go full crazy ... and stop using a series of numbers that can identify us, or more to the point make a "clone" of us. Why is my credit the one that can get fucked up if someone "steals my identity"? I'm not the one who lost it, I'm not the one who approved everything be open in my name, should be a very simply matter of making a phone call and saying "this shit is mine, that's not, now you fucking deal with it" I mean christ the IRS does it all the time if you screw up your taxes. My bank account drained? No, I did not drain, you let someone else drain it, my money better well be there when I want it. Harder for me to get a loan now? Yeah, no... the guys who had my information for no reason other than to keep my information will back the loan 100%

*sigh* Yeah.... too bad these companies who have more voting power than we do get push through the laws that cause us victims to ultimately pay the price.
 
Back
Top