STREAMING NOW: Watch Now

Marriott's guest reservation system hacked

Marriott says the hack affects its Starwood reservation database, potentially exposing the personal information of approximately 500 million guests.

Posted: Dec 1, 2018 4:51 PM
Updated: Dec 1, 2018 4:56 PM

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massive data breach that potentially exposed the personal data of about 500 million guests.

Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.

It's the second biggest corporate data breach in history, behind one involving Yahoo, which said last year that 3 billion accounts among several of its brands were compromised.

Marriott said it will start emailing users who were impacted and it has set up a website with information about the breach.

In the meantime, here's what you can do to protect yourself:

Change your password

Marriott says guests should change their passwords regularly and pick ones that aren't easily guessed. For example, instead of a common phrase, choose a combination of four or more unrelated words with numbers, characters and a mix of upper and lower-case letters.

You should also have different passwords for all the services you use.

"Changing your password will just add one more roadblock to a potential hacker getting into your system," said Aaron Brantly, a cybersecurity expert at Virginia Tech.

Many websites, including social media and financial accounts, offer two-factor authentication for an added layer of security. Even if someone obtains your password, you can't access your accounts without a second piece of information, like a code texted to your phone.

Monitor your accounts for suspicious activity

Marriott recommends customers keep an eye on their Starwood Preferred Guest account for any suspicious activity. Guests should also check their bank, retirement, and brokerage accounts, as well as credit card statements to look for any unauthorized transactions.

Some experts recommend signing up for credit monitoring services or identity theft protection. A more extreme step is putting a freeze on your credit, which blocks anyone from accessing your credit reports without permission.

"Unfortunately, the reality is [these consumers] have to monitor continuously, for generally the rest of their lives," said Brantly. "These types of accounts are sold regularly on the dark web. ... You can usually buy credit card information for a couple dollars per credit card online."

Vivek Lakshman, VP of innovation at cybersecurity firm ThumbSignIn, says consumers can also enroll in services like WebWatcher -- which Marriott is providing for free for a year -- to track their exposure. These sites monitor websites where personal information is shared and alerts consumers if there's evidence of their information is exposed online.

Open a separate credit card for online transactions

Yair Levy, a cybersecurity and information systems expert at Nova Southeastern University, recommends having a credit card dedicated to online shopping. This makes it easier to track transactions and spot fraudulent activity.

If that credit card is compromised, you also won't have to update automatic payments for things like bills.

Limit the information you share

Experts say not to provide information unless it's absolutely required to buy a product or service.

"Consumers should limit what they provide companies based on their need to know. Often, companies gather data that they may not need, but take if volunteered," said Marty Puranik, the CEO of Atlantic.Net, a cloud computing and hosting services provider.

For example, a travel company may ask for passport information, but it may not be required. If it is, you can ask what other forms of identification you can provide instead.

"If you give lower level information, or information that can be changed -- for example, a second credit card to verify your identity -- it is easier to change and protect that then a social security number or passport ID," he said.

But this isn't always possible. If you are traveling internationally, a company like Marriott may require a passport number.

Avoid saving credit card information on websites

Experts recommend minimizing the number of places where you store credit card information. However, this doesn't mean your data will be safe or protected -- it just helps cut down on the risk.

Another option is to use services such as PayPal, Google Pay, or Apple Pay, which let you pay for goods and services without divulging your credit card to the company you're buying from.

Be vigilant

Consumers should work under the assumption cyber criminals already have access to their information as breaches become increasingly common.

"Having a very healthy dose of skepticism moving forward is probably the best way to safeguard yourself in an era where all your information has been divulged, unfortunately," said Brantly.

Experts caution internet users to be wary of "phishing" attempts by bad actors looking to steal your data, including through bogus emails, fake links and fraudulent websites. On its informational website about the hack, Marriott reminded members the company will not ask you to provide your password by phone or email.

"Know you are consistently being exposed [and] consistently under threat -- not necessarily through any fault of your own but accidental disclosures by companies or carelessness by companies. It requires us in the modern era to be vigilant consistently," said Brantly.

Terre Haute
Overcast
64° wxIcon
Hi: 64° Lo: 57°
Feels Like: 64°
Robinson
Overcast
58° wxIcon
Hi: 62° Lo: 54°
Feels Like: 58°
Indianapolis
Overcast
61° wxIcon
Hi: 64° Lo: 58°
Feels Like: 61°
Rockville
Overcast
55° wxIcon
Hi: 63° Lo: 57°
Feels Like: 55°
Casey
Overcast
57° wxIcon
Hi: 61° Lo: 55°
Feels Like: 57°
Brazil
Overcast
64° wxIcon
Hi: 65° Lo: 58°
Feels Like: 64°
Marshall
Overcast
64° wxIcon
Hi: 62° Lo: 56°
Feels Like: 64°
Breezy, Warmer Thursday
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 354457

Reported Deaths: 9537
CountyConfirmedDeaths
Cook1664575369
DuPage21231599
Lake19714506
Will17106422
Kane15616342
Winnebago9314167
St. Clair7623213
Madison6832152
Champaign574128
McHenry5726120
Peoria431064
McLean391831
Rock Island372189
Unassigned3627260
Sangamon355660
Kankakee319078
Macon263348
Kendall248527
Tazewell244549
LaSalle220760
DeKalb213842
Coles179838
Williamson173758
Boone168725
Adams165915
Clinton163124
Vermilion15627
Jackson144325
Whiteside116722
Randolph115914
Knox11519
Effingham10953
Ogle10897
Grundy8897
Jefferson86744
Franklin8666
Marion86613
Monroe86128
Bureau85517
Stephenson8207
Morgan81024
Henry7987
Christian78425
Macoupin74110
Union73825
McDonough66815
Fayette63821
Crawford6306
Lee6271
Shelby5928
Douglas5638
Livingston55710
Montgomery55515
Woodford55311
Logan5474
Saline5057
Bond4719
Warren4647
Iroquois45919
Jersey45621
Cass45011
Wayne44011
Jo Daviess4367
Fulton4290
Perry40916
Moultrie3785
Carroll3678
Johnson3220
Richland31815
Lawrence3068
Hancock2853
Clay28411
Washington2771
Clark2729
Greene27015
Pike2674
Cumberland2586
Jasper25010
Mason2381
White2351
De Witt2333
Pulaski2261
Mercer2256
Piatt2180
Wabash2105
Ford1829
Menard1651
Edgar1478
Massac1412
Marshall1403
Hamilton1142
Henderson1110
Alexander1091
Gallatin1052
Edwards990
Brown980
Scott950
Putnam860
Schuyler801
Stark802
Calhoun670
Hardin490
Pope361
Out of IL20

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 150664

Reported Deaths: 4008
CountyConfirmedDeaths
Marion24697784
Lake13220352
St. Joseph8877159
Elkhart8469132
Allen7880222
Hamilton5962113
Vanderburgh559360
Tippecanoe354714
Monroe320738
Hendricks3183130
Johnson2995128
Porter297848
Clark285461
Delaware282074
Vigo252637
Madison229593
Cass222021
LaPorte215557
Warrick188464
Kosciusko176823
Floyd174867
Howard158866
Bartholomew139758
Dubois135125
Marshall132526
Henry122628
Grant120939
Wayne119327
Boone118848
Hancock114145
Noble113533
Jackson108713
Morgan92240
Dearborn91628
Daviess84033
Gibson83411
Clinton81616
Shelby79429
Lawrence78534
LaGrange76715
Harrison74024
Putnam71016
Knox70310
DeKalb69411
Posey6796
Steuben6008
Fayette58517
Miami5845
Montgomery57222
White56815
Jasper5624
Greene51837
Scott50813
Decatur49839
Adams4725
Clay4346
Whitley4316
Sullivan42812
Ripley4228
Wells4155
Starke3937
Wabash3919
Orange38725
Huntington3785
Spencer3706
Franklin36525
Jennings36013
Washington3592
Randolph3398
Fulton3362
Jefferson3305
Pike31913
Carroll31413
Perry29514
Jay2876
Fountain2863
Tipton26823
Parke2203
Newton21811
Vermillion2181
Rush2044
Owen2021
Martin1950
Blackford1923
Crawford1491
Pulaski1471
Brown1303
Ohio1227
Benton1070
Union1040
Switzerland890
Warren751
Unassigned0233