Marriott Hacked Again; Attackers Steal 20GB of Data
Hotel chain Marriott has suffered yet another embarrassing breach at the hands of organized hackers who say the lodging giant has very poor cyber defenses.
The latest incident reportedly occurred about a month ago, when a group of anonymous hackers phished a BWI Airport Marriott employee and used his clearance to exfiltrate 20GB of data, including data on employees and possibly even hotel guests.
Marriott told cyber-news site Databreaches.net that most of the stolen data consisted of “non-sensitive internal business files. But the lodging behemoth might be downplaying the severity of the incident.
The hacking group claims it has gotten its hands on some proprietary information and the personal data of guests and employees, and labels the stolen data as “critical.”
Marriott said it will notify 300-400 individuals, including regulators, as required in this instance.
“They did not provide a full description as to what kinds of personal information were involved for the individuals being notified,” according to Databreaches.
The outlet interviewed the hacking group and published several sample files allegedly stolen in the attack. While the group did demand ransom to refrain from going public with the breach, they said their modus operandi does not involve actual encryption, as is the case in most ransomware attacks. In an attempt to cast themselves as less malicious than other hackers, the criminal group said they don’t mean to wreak havoc and ruin businesses. They also said they focus only on companies and do not attack critical government infrastructure.
The group opined that Marriott’s cyber defenses are weak, telling interviewers that hacking them was a walk in the park.
“Their security is very poor, there were no problems taking their data. At least we didn’t get access to the whole database, but even the part that we took was full of the critical data,” the group is cited as saying.
A Marriott spokesperson told CyberScoop that the unauthorized access “only occurred for a short amount of time on one day.”
“Marriott identified and was investigating the incident before the threat actor contacted the company in an extortion attempt, which Marriott did not pay,” the spokesperson added.
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns
January 19, 2023
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022