The Marriott Hotel empire has again witnessed a severe information breach. This time, roughly 5.2 million friends have been affected.
The attack was executed through a third-party software program that Marriott’s hotel properties use to provide visitor services, based on an online notice that Marriott released Tuesday. The cybercriminals had been in a position to acquire the login credentials for this system utilized by two employees at a franchise property; from there, they had been able to access a raft of visitor information.
The stolen bounty includes everything cybercrooks would need to mount convincing spear-phishing campaigns: Full contact details, including names, mailing addresses, e-mail addresses, and phone numbers, other personal knowledge like company, gender and birthdays; Marriott’s “Bonvoy” loyalty program account numbers and points balances, linked airline loyalty programs and numbers and Marriott preferences such as stay or room preferences and language preferences.
Marriott said that the unauthorized entry probably started in mid-January and continued for about a month and a half. Upon the hack’s discovery at the end of February, the hotel chain disabled the compromised logins and opened an investigation. It started notifying affected guests this week.
No payment card info, passport info, national IDs, or driver’s license numbers had been stolen in the attack, according to the notice.
The hotel titan is also forcing password resets for Bonvoy loyalty club members, who will even be prompted to enable multi-factor authentication on their accounts.