
Yet another big data breach - 500 million

allisolm

Breach has been ongoing since 2014. Terrific!😱 😳🙄

"Starwood brand hotels that may have been affected include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, and more."

"Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.
For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised."

"To make matters worse, Marriott says that credit card numbers were likely stolen as well. Although the numbers were encrypted using the AES-128 standard, Marriott says it cannot rule out that the hackers also stole the keys to decrypt the credit card number information."



https://arstechnica.com/information...on-exposed-with-passport-card-numbers-stolen/
https://www.cnn.com/2018/11/30/tech/marriott-breach-what-to-do/index.html
 
I keep my credit frozen and review credit card and bank statements every other week. It's not if, it's when. I've had my CC number stolen, while the cards have remained in my possession, probably 5 times in the past decade?
 
I think we are all learning, (the hard way) that these Co's simply do not care to invest the needed $$ to keep their networks safe. After the breach they all parrot the same thing, "customer data security is of highest importance to us" when clearly this is not the case. It's a cost to them and they'd rather keep the $$ and hope for the best.
 
> I think we are all learning, (the hard way) that these Co's simply do not care to invest the needed $$ to keep their networks safe. After the breach they all parrot the same thing, "customer data security is of highest importance to us" when clearly this is not the case. It's a cost to them and they'd rather keep the $$ and hope for the best.

They don’t care because there’s no punishment which is outrageous. I think we all do everything we can to protect our personal data and then these dumb ——- just about give it away for free.

There’s seemingly nothing we can do about it either.
 
> I think we are all learning, (the hard way) that these Co's simply do not care to invest the needed $$ to keep their networks safe. After the breach they all parrot the same thing, "customer data security is of highest importance to us" when clearly this is not the case. It's a cost to them and they'd rather keep the $$ and hope for the best.

Is it even possible?

I suppose with enough investment you'd have the monitoring necessary to detect a breach and shut it down. Ongoing for 4 years is beyond massive.
 
Oh, no. I just looked at my checking account for the first time since 2014. There are several hundred unauthorized transactions totalling $437,594.

Shit.

With consumer protection given to most credit cards, data breaches today are the equivalent of the 1950s paper boy throwing the newspaper into the rose bushes.
 
> Oh, no. I just looked at my checking account for the first time since 2014. There are several hundred unauthorized transactions totalling $437,594.
>
> Shit.
>
> With consumer protection given to most credit cards, data breaches today are the equivalent of the 1950s paper boy throwing the newspaper into the rose bushes.


hehe good one 😉 i was thinking, well good thing the expiration on the cards has gotta be up by now :O BREAKING NEWS hack in 2014 327 million names and addresses (they probably already sold that information 10x anyway)

it's so creepy that i only see half your post when i quote it, the other half is gone from my view why is this, new board glitch. also when i go to forums.anandtech.com it is a completely blank page. maybe my network is hax0red too heheheh
 
As someone who works as a network security engineer, I have to wonder how they gained internal access. Most breaches like this are a result of phishing. I suspect that is the case here, but I can't find anything to verify. I know where I work, we regularly do phishing training on ALL employees, including executive management. Every employee gets phished 6 times/year, and there are repercussions if someone fails 2 times.


Anyway. Unfortunate.
 
> As someone who works as a network security engineer, I have to wonder how they gained internal access. Most breaches like this are a result of phishing. I suspect that is the case here, but I can't find anything to verify. I know where I work, we regularly do phishing training on ALL employees, including executive management. Every employee gets phished 6 times/year, and there are repercussions if someone fails 2 times.
>
> Anyway. Unfortunate.

Basically the same thing that happens where I work, yet last week some employee clicked on a phishing link and Emotet shut down 2 floors of the building. Honestly, I don't get it. I'm not in IT, but maybe because I grew up on the Internet (before Facebook, Twitter, etc) it's just incredibly obvious what's a phishing email?
 
Awesome. I stayed at the Westin in Grand Cayman last year and this past summer. I'm pretty sure they have my passport number on file too.
 
No penalties, corporate murica dgaf about your data.

As a tech support rep, I can vouch that businesses will take the cheapest route possible almost every time. The nonsense I've seen at hotels alone makes me want to pay in cash.
 
> As someone who works as a network security engineer, I have to wonder how they gained internal access. Most breaches like this are a result of phishing. I suspect that is the case here, but I can't find anything to verify. I know where I work, we regularly do phishing training on ALL employees, including executive management. Every employee gets phished 6 times/year, and there are repercussions if someone fails 2 times.
>
> Anyway. Unfortunate.

My mom's company just fell for a catfish and changed someone's direct deposit to a different bank account without verification. It is crazy how easy it is to scam companies.
 
> Oh, no. I just looked at my checking account for the first time since 2014. There are several hundred unauthorized transactions totalling $437,594.
>
> Shit.
>
> With consumer protection given to most credit cards, data breaches today are the equivalent of the 1950s paper boy throwing the newspaper into the rose bushes.

But this is the thing, even if your bank or Visa or Mastercard covers the bogus charges this is all applied as overhead and that cost is passed on some way or another, there is no free lunch.
 
It's crazy how in the age of information where data is a commodity, these places are just letting it be stolen all willy nilly. It'd be like a bank not caring that their vaults are constantly raided by thieves.
 
I'm so sick of criminal hacking and the havoc it has wreaked on this world. If these assholes are ever caught, give them one year for each person's information they stole. Hand out a few 300 million year sentences and maybe others will get the message and think twice.
 
> It's crazy how in the age of information where data is a commodity, these places are just letting it be stolen all willy nilly. It'd be like a bank not caring that their vaults are constantly raided by thieves.

Cause just like the sun coming up tomorrow we sheep still graze at these hotels, still use these credit reporting agencies, still shop online at the same places. I guess getting a free year of credit monitoring makes it all better.

Not that the government knows what it’s doing, but it’s stunning they do nothing and have no standards in place for securing data among industries. Also a little surprising with some of these aggressive state AG they aren’t suing.
 
> I'm so sick of criminal hacking and the havoc it has wreaked on this world. If these assholes are ever caught, give them one year for each person's information they stole. Hand out a few 300 million year sentences and maybe others will get the message and think twice.

Harsher punishments will mean little. What matters more is frequency of getting caught which does not happen often. Same reason you walk outside and do things, even though a meteor could kill you. It's so unlikely that you don't worry about it. What we need is more resources devoted to catching these people.
 
> Harsher punishments will mean little. What matters more is frequency of getting caught which does not happen often. Same reason you walk outside and do things, even though a meteor could kill you. It's so unlikely that you don't worry about it. What we need is more resources devoted to catching these people.

Harsh punishments and frequency of being caught are on the same sliding risk-benefit scale. A 5% chance of going to jail for 20 years is about the same thing as a 50% chance of going for 2 years. Maybe people see it differently for some psychological reason, but the math doesn't lie.

I can see your point if the chance of being caught is infinitesimal. Then people may not care that the punishment is death even. But the chance of being caught isn't infinitesimal. It's just very low. Which is precisely why we need draconian punishment or we have little to no deterrence.

Having said that, I'm all in favor of making it easier for them to be caught. Got any ideas?
 
> Harsh punishments and frequency of being caught are on the same sliding risk-benefit scale. A 5% chance of going to jail for 20 years is about the same thing as a 50% chance of going for 2 years. Maybe people see it differently for some psychological reason, but the math doesn't lie.
>
> I can see your point if the chance of being caught is infinitesimal. Then people may not care that the punishment is death even. But the chance of being caught isn't infinitesimal. It's just very low. Which is precisely why we need draconian punishment or we have little to no deterrence.
>
> Having said that, I'm all in favor of making it easier for them to be caught. Got any ideas?

Do you have a source for that? From what I have read, it's probability over severity. As you increase to the extreme, you get fewer returns, so probability seems to win out as a general rule.
 
> Do you have a source for that? From what I have read, it's probability over severity. As you increase to the extreme, you get fewer returns, so probability seems to win out as a general rule.

I have no source for what weight a prospective criminal gives to various factors in deciding whether to commit a crime. I just know that logically speaking, a 5% chance of 20 years is the same as a 50% chance of 2 years. I realize that the human mind doesn't necessarily process things that way.

But since for now the reality is that we can't catch these people terribly often, severe punishment is our only option for deterrence. Give a guy 20 years in the pen, and the next guy thinks, whatever my reason is for doing it, isn't worth even a slim chance of that happening to me.
 
> I have no source for what weight a prospective criminal gives to various factors in deciding whether to commit a crime. I just know that logically speaking, a 5% chance of 20 years is the same as a 50% chance of 2 years. I realize that the human mind doesn't necessarily process things that way.
>
> But since for now the reality is that we can't catch these people terribly often, severe punishment is our only option for deterrence. Give a guy 20 years in the pen, and the next guy thinks, whatever my reason is for doing it, isn't worth even a slim chance of that happening to me.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4744856/

https://eml.berkeley.edu/~jmccrary/chalfin_mccrary2017.pdf

You may find that interesting. In terms of probability vs severity, probability wins out as a general rule. The first one is interesting because it finds social pressure is very large. That links back to probability as the fear and then repercussions of social is not universal to every country as a primary, but, it's up there often enough to be seen.

You are right though that people are often unpredictable and this type of crime may not follow these ideas. Cyber crime affords a level of anonymity which will likely skew the behavior.
 