Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off 5.2m guests' personal info Marriott Hotels has suffered its second data spillage in as many years after an "unexpected amount" of guests' data was accessed through two compromised employee logins, the under-fire chain has confirmed. The size of the latest data exposure has not been disclosed, though Marriott admitted it seemed to have started in January …
If you scratch Marriott off your list, you're also scratching off Starwood and all of their chains too. This leaves Hyatt, and Hilton. Holiday Inn, and other lower budget chains like Super8 are also available.
Depending on how much you travel, where you travel... you may be limiting yourself.
And trust me... I've done enough traveling over the past several years that there are some chains I want to avoid because I fear getting sick just staying there.
there are some chains I want to avoid
Yes, all of them. That is, at least the large, international chains. I did a lot of travelling in the past, both for business and leisure, and have had much better experiences staying off those chains. Of course, there are the odd ones like one which is marketing itself as business hotel and you won't even find a table to work on in any room.
if you are so inclined, you can still stay at Marriott hotels without having a loyalty account.
I used to stay only at Starwood hotels, but since Marriott gobbled them up, I haven't stayed at any, the ones I looked at were old and tired, not like the Starwood hotels I remember.
Doesn't make any difference whether you were part of the loyalty scheme or not, I spent one night in a Moxy last year without signing up to the loyalty scheme and they've confirmed they've leaked my name, address, email, phone number, date of birth and gender.
"Depending on how much you travel, where you travel... you may be limiting yourself."
Well yes, that's how boycotts work. You can't avoid using something you weren't going to use anyway. But if you're not willing to deal with the inconvenience, however big or small it may be, of avoiding something you dislike, you have no right to complain when you subsequently get shafted.
According to the Register report on the previous breach they and the ICO have agreed to "an extension of the regulatory process", whatever that might mean until today. Somehow I doubt the ICO will be inclined to give them the benefit of the doubt over this. They have informed the ICO haven't they? There's no mention of it.
In the meantime Experian get to slurp a it more of their customers' data.
(a) To stop somebody else doing it to spoof the.
(b) Because it's outsourced.
I CBA to check if this applies to them but all too often this stuff is outsourced. When that happens a quick whois makes their marketing spam look like phishing. Yes, banks and building societies, I'm looking at you.
Uh-huh,
I see those emails all the time..click here to unsubscibe
..no, actually I only see them when I look inside my spam folder..
The state of the web is that if anyone, claiming to be from anywhere, suggests you follow a link, treat it as an attempted mugging. If you personally know the sender, and expect the email - treat it like a possible hijacking instead, and verify.
And the years=old advice is don't click on any link in an unsolicited email. The fact that marketroids stuff their spam with links makes me think that they've never had that explained to them in words of one syllable and a 2 x 4. That in turn makes me realise that marketing departments are the easiest way in for anyone launching a malware attack. Between that and data hoarding they're a danger to any business.
Geographic aware login probably wouldn't be sensible for a hotel app. It is literally for travelling - same with plane apps
2FA isn't a bad idea, until you remember that it is for travelling and you may not have service to allow you to unlock your door. (of course there are other ways)
I don't mean as in name and shame, but what role did they have?
Directors? Reception staff? Cleaners? Marketing? IT?
If it's anyone other than a select few of IT, why do these people have access to these details?
Is the issue a bigger INTERNAL issue rather than some form of hacking?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
