How The Hack Marriott Hack Went Down
5 million user records were hacked from Marriott’s system, two years after a massive breach.
There will likely be an additional fine, in addition to the $123 million fine they received for a previous 2018 breach due to their inability to prevent the reach of UK citizen data under GDPR.
A hotel chain’s system was compromised resulting in hackers obtaining login credentials of two Marriott employees.
These logins were used by the hackers to log into guest registration applications where data was then exfiltrated.
How Companies Can Prevent This Attack
Two factor authentication! It’s one of the best defenses available, along with creating unique and strong passwords.
If you have systems/applications that hold sensitive data and don’t support two-factor authentication, consider prioritizing building the functionality. If you don’t control the system, find alternative providers that do provide the functionality.
Additionally, consider restricting which IP addresses logins are allowed by using a whitelist. While not perfect, this adds another layer of defense.
Havoc Shield protects businesses through the cumulative effort of its employees. Here are two ways it can help companies improve their security posture and prevent these types of attacks:
- Login credentials are often stolen through phishing campaigns and malicious websites. Havoc Shield’s MailArmor Suspicious Email Service along with included DNS-level malicious website blocking can help users avoid these traps.
- Two-Factor Coverage Scans alert users to turn on two-factor authentication for services they use that support the feature. The same coverage report can be viewed by company admins to determine coverage across your service landscape. Automated reminders to enable 2FA help you enforce your chosen policy.
Learn more about how Havoc Shield can help your company’s security.
Interested in more articles in our series The Latest Hack? Continue here:
- The Latest Hack: Garmin
- The Latest Hack: Twitter
- The Latest Hack: Amtrak
- The Latest Hack: Wishbone
- The Latest Hack: Mathway
Any additional suggestions of recent hacks that you’d like us to write our perspectives on? Drop us a note in the comments section below!