SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.
SoylentNews
The Hyatt hotel chain discovered credit-card stealing malware in its payment system on November 30 and announced it December 23, in an apparent attempt to spread holiday cheer.
Hyatt's notice to customers has very few details about the investigation, such as how long the breach lasted or how many consumers may have had their card data stolen as a result. Hyatt did say that it has taken steps to strengthen its systems, and that "customers can feel confident using payment cards at Hyatt hotels worldwide."
Hilton, Starwood, and Trump hotels have enjoyed similar data breaches over the past few months.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
QOTD:
The forest may be quiet, but that doesn't mean
the snakes have gone away.
(Score: 2) by frojack on Sunday December 27 2015, @08:05AM
So the only point left to attach is at interface to the outside.
"interface to the outside? WTF is that?
Odds are 100 to 1 that there was rogue software on their WINDOWS computers.
No, you are mistaken. I've always had this sig.
(Score: 1) by anubi on Sunday December 27 2015, @10:10AM
Judging by how fast I pick up rogue software without even trying, that does not surprise me at all.
I intentionally crippled my own machine to make it more resilient to drive by downloads and auto-updaters. I no longer see a lot of business sites. Most plain info sites like this site, digi-key, google, aliexpress, are still working fine. I have noted no further surprises since renaming several of those auto-updaters. My main problem so far has been the health insurance sites. Looks like I will have to revert back to snailmail for those - same as I did for internet banking.
I never did succeed in convincing the financial institution not to require javascript. How does one convince one having a business education that once popups are enabled, crafty phishing techniques will also be enabled? I have seen all sorts of hostile crap that depends on javascript being enabled in order to let it do its dirty work. Businessmen seem so naive to think only they can put their trademark/business logo on something to make it look official. They seem so unaware the phisher can make a perfect copy of their business site and have me redirected at a whim, using javascript redirectors to keep me ignorant of where my machine is getting its pages from.
I hate it when I find keyloggers in my machine, and have no idea how long they have been there, or who they have been uploading my keyboard history to.
Going to a business site and having them force Javascript and pop-ups on me is akin to going to a first-class restaurant and having them insist I use dirty silverware. It takes a real business mindset to think a EULA posted by the front door gets them off the hook for unsanitary food presentation.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1, Interesting) by Anonymous Coward on Sunday December 27 2015, @12:22PM
"Looks like I will have to revert back to snailmail for those - same as I did for internet banking. "
Good luck with that. Many places tend to only let people switch in one direction - to electronic, not from. For the places that do allow you to switch back to snailmail, they add a surcharge on top of your monthly bill. It's one of the reasons why I never bother to switch to electronic shit for this. Perhaps when the business world proves to me they know how to take online security seriously, and the computer software industry (Mainly the OSes, you know who I'm talking about, but also several infamous programs commonly used) learn how to code securely as well. When that happens, I'll start to consider trusting them.
(Score: 1, Insightful) by Anonymous Coward on Sunday December 27 2015, @04:20PM
Disposing all the paperwork securely is a ball-ache too.
Why don't we work on making javascript more secure - no reason for it to be reading files, screen image, keystrokes and sending that back to someone.