Marriott Hacked

Recently, the Hotel chain Marriott revealed a security breach that influenced more than 5.2 million hotel guests who utilized the company’s loyalty app. As per the data breach notification published on its website, the hotel chain determined the security breach at the end of February.

However, later it found that a hacker had applied the login credentials of two employees from one of its franchise resources to get access to the customer data from the app’s backend systems.


Well, Marriott stated in a notice that the hotel chain emphasized the investigation is continuing. So, it had no intention to believe account passwords for Marriott’s Bonvoy rewards plans or financial data such as credit card numbers, passport data, or driver’s licenses were accessed.

Whereas, Tyler Carbone, the chief strategy officer at digital risk protection provider Terbium Labs, stated that the breach could be uncertain for consumers. “From what we know of the data disclosed, this is the kind of data that gives the proper raw material for cybercrime.”

However, Marriott conveyed an email on Tuesday to the affected customers from [email protected] and fastened up a dedicated website where customers can present a demand to check to see if their information was affected in the data breach or not.

What Happened?

Well, the Hotels operated and franchised below Marriott’s brands utilize an application to help implement services to guests at hotels. But, at the end of February 2020, we recognized that a surprising amount of guest data might have been obtained utilizing the login credentials of two employees at a franchise business, as we told earlier.

Hence, they consider that this activity commenced in mid-January 2020. As a result, they reinforced that the login credentials were useless, immediately started an investigation, performed heightened monitoring, and established resources to inform and help guests.

What information was accessed?

Through their investigation is continuing, recently, they have no reason to accept that the information associated included Marriott Bonvoy account passwords or PINs, payment card data, passport data, national IDs, or driver’s license numbers.

At this circumstance, they believe that the following data may have been included, but not all of this information was being included for every guest:-

  • Contact details like email, mailing address, name, and phone number.
  • Additional personal details like birth date, gender, and company.
  • Loyalty Account Information like points balance and account number but not passwords.
  • Partnerships and Affiliations like linked airline loyalty programs and numbers.
  • Preferences like language preference and stay/room preferences.

Well, if you are unsure whether your information was affected in the conflict, they have set up a self-service online portal for customers to be prepared to conclude whether their data was involved and, if so, what sections of information were affected.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.