Marriott's guest reservation system hacked

Marriott says the hack affects its Starwood reservation database, potentially exposing the personal information of approximately 500 million guests.

Posted: Dec 1, 2018 4:53 PM
Updated: Dec 1, 2018 4:56 PM

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massive data breach that potentially exposed the personal data of about 500 million guests.

Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.

It's the second biggest corporate data breach in history, behind one involving Yahoo, which said last year that 3 billion accounts among several of its brands were compromised.

Marriott said it will start emailing users who were impacted and it has set up a website with information about the breach.

In the meantime, here's what you can do to protect yourself:

Change your password

Marriott says guests should change their passwords regularly and pick ones that aren't easily guessed. For example, instead of a common phrase, choose a combination of four or more unrelated words with numbers, characters and a mix of upper and lower-case letters.

You should also have different passwords for all the services you use.

"Changing your password will just add one more roadblock to a potential hacker getting into your system," said Aaron Brantly, a cybersecurity expert at Virginia Tech.

Many websites, including social media and financial accounts, offer two-factor authentication for an added layer of security. Even if someone obtains your password, they can't access your accounts without a second piece of information, like a code texted to your phone.

Monitor your accounts for suspicious activity

Marriott recommends customers keep an eye on their Starwood Preferred Guest account for any suspicious activity. Guests should also check their bank, retirement, and brokerage accounts, as well as credit card statements to look for any unauthorized transactions.

Some experts recommend signing up for credit monitoring services or identity theft protection. A more extreme step is putting a freeze on your credit, which blocks anyone from accessing your credit reports without permission.

"Unfortunately, the reality is [these consumers] have to monitor continuously, for generally the rest of their lives," said Brantly. "These types of accounts are sold regularly on the dark web. ... You can usually buy credit card information for a couple dollars per credit card online."

Vivek Lakshman, VP of innovation at cybersecurity firm ThumbSignIn, says consumers can also enroll in services like WebWatcher -- which Marriott is providing for free for a year -- to track their exposure. These sites monitor websites where personal information is shared and alert consumers if there's evidence their information is exposed online.

Open a separate credit card for online transactions

Yair Levy, a cybersecurity and information systems expert at Nova Southeastern University, recommends having a credit card dedicated to online shopping. This makes it easier to track transactions and spot fraudulent activity.

If that credit card is compromised, you also won't have to update automatic payments for things like bills.

Limit the information you share

Experts say not to provide information unless it's absolutely required to buy a product or service.

"Consumers should limit what they provide companies based on their need to know. Often, companies gather data that they may not need, but take if volunteered," said Marty Puranik, the CEO of Atlantic.Net, a cloud computing and hosting services provider.

For example, a travel company may ask for passport information, but it may not be required. If it is, you can ask what other forms of identification you can provide instead.

"If you give lower level information, or information that can be changed -- for example, a second credit card to verify your identity -- it is easier to change and protect that than a social security number or passport ID," he said.

But this isn't always possible. If you are traveling internationally, a company like Marriott may require a passport number.

Avoid saving credit card information on websites

Experts recommend minimizing the number of places where you store credit card information. However, this doesn't mean your data will be safe or protected -- it just helps cut down on the risk.

Another option is to use services such as PayPal, Google Pay, or Apple Pay, which let you pay for goods and services without divulging your credit card to the company you're buying from.

Be vigilant

Consumers should work under the assumption that cyber criminals already have access to their information, as breaches become increasingly common.

"Having a very healthy dose of skepticism moving forward is probably the best way to safeguard yourself in an era where all your information has been divulged, unfortunately," said Brantly.

Experts caution internet users to be wary of "phishing" attempts by bad actors looking to steal your data, including through bogus emails, fake links and fraudulent websites. On its informational website about the hack, Marriott reminded members the company will not ask you to provide your password by phone or email.

"Know you are consistently being exposed [and] consistently under threat -- not necessarily through any fault of your own but accidental disclosures by companies or carelessness by companies. It requires us in the modern era to be vigilant consistently," said Brantly.
