Marriott data breach — What to do?

This morning when I drove back from the gym, I heard news about the Marriott data breach on the radio. I thought back to all the times I’ve stayed in a Marriott hotel (I’m checking into one next week) and wondered what data of mine may have been compromised. With “more than 6,700 hotels and over million rooms in over 130 countries across the globe,” maybe you’re also wondering if you’re one of the potentially half a billion guests whose data was compromised. It’s unpleasant to consider. According to a press release, the Marriott data breach involved the Starwood guest reservation database and included:

“… some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”

The breach also included some credit card numbers and their expiration dates. Marriott says this data was encrypted, but that it’s still possible that it may have been decrypted by hackers later.

You don’t need to wait to hear from Marriott to find out if you’ve been in the breach. If you’ve stayed at one of their hotels since 2014, it’s not a bad idea to be cautious. Here’s what you can do straight away:

Monitor your accounts.

Watch your credit cards and your credit accounts for suspicious activity and report it quickly if spotted.

Change your password.

If the password to your Starwood account is one that you’ve reused, change it. You should always use different passwords for every account.

Use strong passwords.

hotel123 is a weak password, and yet according to haveibeenpwned, it has appeared 1,817 times in previous data breaches — and Marriott’s dataset isn’t even in the database yet.

Be alert to phishing attempts.

“Phishing” is a broad term for when a malicious actor impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details or credit card numbers. It generally casts a wide net. Be on your guard, because it’s clever and it works.

Get alerts for future breaches from Firefox Monitor.

Firefox Monitor will warn you if your credentials have been compromised by comparing it to the public breach data in the system. After that, you’ll have the option to sign up for future alerts. Not all breach datasets are available for us to scan through Firefox Monitor, and that includes the Marriott data breach as of this writing.

I hope you weren’t part of the Marriott data breach, but the fact is, breaches are on the rise. These tips don’t apply just to this breach, they’re best practices every day of the week. Getting smart about your online security and privacy is more important the ever, and it’s something we care a great deal about at Firefox. Our products — like Firefox Monitor — keep what’s personal private, and they are designed to serve you, not a bottom line.


Share on Twitter