
SoylentNews is people

posted by takyon on Saturday December 01 2018, @02:51PM
from the I-have-reservations dept.

Marriott Hack Hits 500 Million Guests:

The records of 500 million customers of the hotel group Marriott International have been involved in a data breach. The hotel chain said the guest reservation database of its Starwood division had been compromised by an unauthorised party. It said an internal investigation found an attacker had been able to access the Starwood network since 2014.

[...] Starwood's hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network.

Marriott said it was alerted by an internal security tool that somebody was attempting to access the Starwood database. After investigating, it discovered that an "unauthorised party had copied and encrypted information". It said it believed its database contained records of up to 500 million customers. For about 327 million guests, the information included "some combination" of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information. It said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.

[...] The company has set up a website to give affected customers more information. It will also offer customers in the US and some other countries a year-long subscription to a fraud-detecting service.

The attacker had access since... 2014? To the records of half a billion customers? How many can invoke protections provided in GDPR (General Data Protection Regulation)?

Source: Marriott breach leaves 500 million exposed with passport, card numbers stolen


This discussion has been archived. No new comments can be posted.
  • (Score: 4, Interesting) by RandomFactor on Saturday December 01 2018, @05:29PM (2 children)

    by RandomFactor (3682) on Saturday December 01 2018, @05:29PM (#768668)

    Ignoring the obvious like changing your password with them. (and if you are so foolish as to reuse the same password everywhere, change it all over...)
    .
    20 odd years ago some clown got hold of my credit card info and had billing rerouted to an address in California. Then charged a large charge at CompUSA to it and shipped something there. Presumably a computer or laptop from the amount. We didn't get a bill at the beginning of the month and it took us a week or two to figure out there was a problem.
    .
    After going through all the mess of cleaning that up (that damned address still appears on my credit history decades later even though I have repeatedly told the credit bureau it was fraudulent. However they insist that doesn't matter, I really hate those asshats)
    During all this I was discussing with one of the fraud departments and asked how I could keep this from happening again. They gave me the usual credit freeze (not so fun back then) and paying a company to monitor my credit stuff (uggg.)
    I asked if there was anything else I could do, and they finally had one more tip.
    .
    Call the credit card company and tell them to put a password on your account. Then if someone calls in to do something like a request to change the billing address etc, they ask "What is your password" and the fraudster doesn't know it.
    This was pretty easy and straightforward to accomplish on my cards (with the exception of a work credit card, where I couldn't do it, however even they allowed for additional verification to be put in place)
    .
    I've called a number of times for whatever over the years and gotten "What is the password on the account?" and been quite happy about that (not 100% though, they don't always do it unfortunately.)
    .
    Simple and straightforward, provides some additional protection on your cards if you want it. Cost is just a phone call to ask them to do it.

    --
    There is no news in "Pravda", and no truth in "Izvestia"
  • (Score: 4, Interesting) by shortscreen on Saturday December 01 2018, @09:39PM (1 child)

    by shortscreen (2252) on Saturday December 01 2018, @09:39PM (#768737)

    I used to have a password on my CC account. Then this year I received a notice that they would no longer be asking for the password. Why? Because now, if there is any funny business on my account I will be alerted by their "app".

    Being alerted after the fact (assuming I used their app, which I don't) is what passes for security now I guess. And yes, I'm going to name and shame. It was Capital One.

    • (Score: 2) by RandomFactor on Saturday December 01 2018, @10:43PM

      by RandomFactor (3682) on Saturday December 01 2018, @10:43PM (#768746)

      Uggh....why on Earth would this be an either-or situation? They should allow both if you want.
      .
      I don't have Capital One and haven't seen any notices like that. If I was hunting a new card, not allowing this would probably be a disqualifier for me.

      --
      There is no news in "Pravda", and no truth in "Izvestia"