- Ariana Grande spoke with TikTok teen who looks exactly like her 1 Year Ago
- Beyoncé accused of paying dancers ‘low rates’ Today 11:58 AM
- Timmy Thick blasted for saying the N-word in comeback video Today 9:11 AM
- Netflix’s ‘The Confession Killer’ is a devastating and well-built portrait of a con artist Today 8:00 AM
- Swipe This! I’m ashamed to tell anyone about my online shopping habit Today 6:00 AM
- UPS facing backlash for thanking police after employee killed in shootout Saturday 5:02 PM
- Sanders campaign fires staffer after anti-Semitic, homophobic tweets surface Saturday 3:13 PM
- Brother Nature was attacked, says everyone just watched with phones out Saturday 2:45 PM
- Ryan Reynolds’ gin company hires Peloton wife for ad Saturday 1:24 PM
- Ex-vegan YouTuber accused of fraud after following meat-only diet Saturday 1:11 PM
- The 15 best Disney+ hidden gems and deep cuts Saturday 12:23 PM
- Everyone in GoFundMe scam involving homeless veteran has now pleaded guilty Saturday 12:06 PM
- Boy invites kindergarten class to his adoption–and people are emotional Saturday 11:56 AM
- Reddit links leaked trade deal documents to Russian campaign Saturday 10:44 AM
- How to stream Alistair Overeem vs. Jairzinho Rozenstruik Saturday 8:30 AM
If you’ve visited a Marriott-owned hotel in the past four years, you may want to change your passwords and double-check your credit card statement. The hotel recently identified a database breach that impacted up to 500 million customers over four years’ time.
In 2014, hackers received “unauthorized access” to the Starwood Hotels and Resorts reservation system’s database, which includes the Westin, Sheraton, and W Hotels, among others. That unauthorized party “copied and encrypted information” from the database. Two years later, Marriott purchased Starwood, but the parent company did not discover a breach until it noticed “unauthorized access” into the database on Sept. 8.
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” Marriott announced in an official statement, according to NBC News.
Marriott has since set up an official website detailing information on the hack and its impact on customers. According to the site, 327 million guests’ exposed data included “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”
That exposed information also includes payment card numbers and expiration dates for “some” customers, although these cards were encrypted with Advanced Encryption Standard encryption. It remains unclear if that data was decrypted.
“There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken,” Marriott announced.
For Marriott customers potentially impacted by the hack, the hotel chain has created a dedicated call center to answer questions about the breach, available seven days per week across various languages. Emails are rolling out to impacted guests as well, and the hotel chain is offering one-year access to WebWatcher, a service that monitors the internet to see if their personal information has been shared.
“From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts,” Marriott wrote on its website. “Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center. We are supporting the efforts of law enforcement and working with leading security experts to improve.”
Marriott may face more than customer unease. New York Attorney General Barabara Underwood has opened an investigation into the hack, stressing residents “deserve to know that their personal information will be protected.” Meanwhile, Marriott may face penalization if it violated the European Union’s General Data Protection Regulation.
“The size and scale of this thing is huge,” KPMG’s Privacy Advisory Practice’s global lead Mark Thompson told CNN, stressing that Marriott will “likely” face a penalty.
Marriott’s Starwood database breach is one of the largest personal information hacks in world history, eclipsed by Yahoo. In 2013, a network breach impacted three billion users after hackers stole names, phone numbers, birth dates, passwords, security questions, and backup email addresses from the web service.
- 5 free fax services that will help you fax online in seconds
- The secret to canceling your Comcast service
- How to check your Facebook messages without Messenger
Ana Valens is a reporter specializing in online queer communities, marginalized identities, and adult content creation. She is Daily Dot's Trans/Sex columnist. Her work has appeared at Vice, Vox, Truthout, Bitch Media, Kill Screen, Rolling Stone, and the Toast. She lives in Brooklyn, New York, and spends her free time developing queer adult games.