Last month, I wrote a piece for Florida Politics about breaches.
There is a scheme going around where hackers utilize stolen data from past breaches to make phishing and ransomware schemes look more legit.
My point was this: Our reactions to breaches are not focused as we worry about notifications of the breach more than who stole it, and where did the stolen info go?
In the case of recent LinkedIn data leaks, it appears that data went for sale on the dark web. It was a very well-done scam that a lot of people fell for — and it is still is on the loose.
For those who think I am exaggerating, here is a market break down of what is available on the dark web and how much it costs …
On to this week. The guilty party — Marriott.
Are you an SPG member? It’s not pretty, it would appear the info of as many as 500 million guests were stolen.
We are talking the whole enchilada, birthday, gender, address, phone number, email, reservation info, possible credit card, and password info, as well (if they have the means to decrypt that data).
So, the stolen info goes to the dark web for sale and Mr. or Mrs. Hacker embed a fake malicious code into a fake Marriott email — and the attack is underway.
With all this info, they could create a fake survey — “TELL US ABOUT YOUR RECENT STAY IN APRIL.”
It appears legitimate, does it not? How else would they have this info about you?
Oh yeah, they STOLE it.
As someone who just stayed at the Westin in Cancun, this is beyond irritating. What is wrong with these people?
Experts say they could have caught the breach years before? According to a USA TODAY article on the subject:
“’That’s absolutely true,’ Franklyn Jones, chief marketing officer of Cequence Security, said about the possibility of an earlier detection. ‘I don’t know all the details for certain, but the likelihood is yes, it could have (been detected sooner). There are many different security vendors out there specifically for this reason, to detect traffic that looks suspicious. … I would agree that this should have been detected long before it did, or at least been reported.’”
Blood is indeed in the water, signified by Morgan and Morgan, which is now on the case.
Breaches keep occurring, big business and government are not taking cybersecurity seriously — and we the people keep getting hosed.
This will not be the last breach, but the ramifications of it will be the most significant. There is just too much data potentially stolen. This is the Chernobyl of cyber breaches.
Contact Marriot for more info, change all passwords, and buckle up.
___
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].