Marriott hotel chain again reported a data leak. This time, the attackers compromised the accounts of two employees, which led to the leak of information about 5.2 million people using the company’s loyalty application.
The incident became known at the end of February 2020, when it turned out that the unknown used the data of two employees to access the application backend and customer information. The hack itself, according to representatives of Marriott, dates from January of this year.
As a result, the attacker had access to information from the Marriott Bonvoy loyalty program, including:
- contact details (name, postal address, email address and telephone number);
- account information (account number and points, but not passwords);
- additional personal data (company, gender, day and month of birth);
- partnerships (related airline loyalty programs and numbers);
- preferences (accommodation options and language preferences).
Representatives of the hotel report that at the same time the hacker did not get access to passwords, PIN-codes, information about payment cards, as well as data on passports, driver’s license numbers and other identification cards.
Marriott has already launched a special site where users can check whether this leak affected them and what data it touched.
Let me remind you that this is not the first Marriott hack in recent years. So, in 2018 it became known that the hotel chain made a massive leak, affecting, as was originally thought, half a billion people. And although it later became known that the leak affected “only” 383 million guests, nevertheless then the hackers spent almost four years in the company’s systems.