Blake Dowling: Marriott, the Chernobyl of cyber breaches

marriott

Last month, I wrote a piece for Florida Politics about breaches.

There is a scheme going around where hackers utilize stolen data from past breaches to make phishing and ransomware schemes look more legit.

My point was this: Our reactions to breaches are not focused as we worry about notifications of the breach more than who stole it, and where did the stolen info go?

In the case of recent LinkedIn data leaks, it appears that data went for sale on the dark web. It was a very well-done scam that a lot of people fell for — and it is still is on the loose.

For those who think I am exaggerating, here is a market break down of what is available on the dark web and how much it costs 

On to this week. The guilty party — Marriott.

Are you an SPG member? It’s not pretty, it would appear the info of as many as 500 million guests were stolen.

We are talking the whole enchilada, birthday, gender, address, phone number, email, reservation info, possible credit card, and password info, as well (if they have the means to decrypt that data).

So, the stolen info goes to the dark web for sale and Mr. or Mrs. Hacker embed a fake malicious code into a fake Marriott email — and the attack is underway.

With all this info, they could create a fake survey — “TELL US ABOUT YOUR RECENT STAY IN APRIL.”

It appears legitimate, does it not? How else would they have this info about you?

Oh yeah, they STOLE it.

Me, recently at a Westin. Yay!

As someone who just stayed at the Westin in Cancun, this is beyond irritating. What is wrong with these people?

Experts say they could have caught the breach years before? According to a USA TODAY article on the subject:

“’That’s absolutely true,’ Franklyn Jones, chief marketing officer of Cequence Security, said about the possibility of an earlier detection. ‘I don’t know all the details for certain, but the likelihood is yes, it could have (been detected sooner). There are many different security vendors out there specifically for this reason, to detect traffic that looks suspicious. … I would agree that this should have been detected long before it did, or at least been reported.’”

Screenshot of stolen data for sale on the dark web.

Blood is indeed in the water, signified by Morgan and Morgan, which is now on the case.

Breaches keep occurring, big business and government are not taking cybersecurity seriously — and we the people keep getting hosed.

This will not be the last breach, but the ramifications of it will be the most significant. There is just too much data potentially stolen. This is the Chernobyl of cyber breaches.

Contact Marriot for more info, change all passwords, and buckle up.

___

Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].

Blake Dowling

Blake Dowling is CEO of Aegis Business Technologies. His technology columns are published by several organizations. Contact him at [email protected] or at www.aegisbiztech.com



#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, Ryan Nicol, Jacob Ogles, Cole Pepper, Jesse Scheckner, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704