WatchPoint Security Blog

Marriott and Quora Data Breach Exposes 600 Million Users' Personal Information

Written by Jordan Kadlec | December 05, 2018

Hotel giant Marriott and information-sharing website Quora both suffered data breaches over the last week, leading to the exposure of 600 million users’ data to unauthorized third parties. On Friday, November 30th, Marriott disclosed a massive data breach affecting about 500 million guests, while Quora released a statement on Monday, December 3rd, regarding the breach of 100 million users’ information.

Marriott Data Breach – Class Action Lawsuit Filed

Marriott’s data breach, exposing 500 million guests who booked reservations at its Starwood properties, makes it one of the largest ever cyberattacks on a company. In a statement released by Marriott executives, the company said it discovered unauthorized access to the databases dating back to 2014. The hacker, who remains unknown, copied and encrypted information and took steps towards completely removing the data.

For about 327 million of those affected, the compromised data includes information such as names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation dates, and communication preferences. Furthermore, in some cases, payment card numbers and expiration dates were also compromised.

“Its impact on the victims is much greater than the numbers reveal,” said John Gunn, chief marketing officer of cybersecurity company OneSpan. “It is remarkably easy to request a replacement credit card from your financial institution, and you are not responsible for fraudulent activities – try that with your passport.”

To make matters worse, a national class action lawsuit was filed by Murphy, Falcon & Murphy against Marriott, claiming that the hotel chain failed to ensure the integrity of its servers and to properly safeguard consumers’ highly sensitive and confidential information. While the suit does not disclose how much they are seeking in damages, it will certainly cost the hotel chain millions and millions of dollars.

Quora Data Breach

Quora, founded by former Facebook employees, is a place to gain and share knowledge. It’s a platform to ask questions and connect with people who contribute unique insights and quality answers.

The data breach was discovered on Friday, November 30th, when Quora saw that users’ data had been accessed by an unauthorized third party. Officials stated that they then contacted law enforcement and hired a digital forensics and security consulting company to determine how this breach occurred and who may be responsible for the attack.

“We recently became aware that some user data was compromised due to unauthorized access to our systems by a malicious third party,” Quora stated in a security update. “We have engaged leading digital forensic and security experts and launched an investigation, which is ongoing. We have notified law enforcement officials. We are notifying affected Quora users. We have already taken steps to ensure the situation is contained, and we are working to prevent this type of event from happening in the future. Protecting our users’ information and fostering an environment built on trust remains our top priority so that together we can continue to share and grow the world’s knowledge.”

Data of the 100 million users compromised in the breach includes account information (name, email address, encrypted passwords, data imported from linked networks when authorized by users), public content and actions (questions, answers, comments, and upvotes), and non-public content and actions (answer requests, downvotes, and direct messages).

Along with contacting those affected, Quora is also requiring users to reset their passwords next time they log in. Those wishing to delete their account can do so in the settings section, and the deactivation will happen immediately.

What Steps to Take

With the information contained in the Marriott data breach, criminals could open fake accounts in the consumer’s name. Should you believe your information could be included in the data breach, consider freezing your credit immediately. This will prevent potential crooks from opening new credit lines in your name. Experian, Equifax, and TransUnion offer credit-freezing services for free, and this can be accomplished in just minutes.

As for the Quora data breach, your email address and passwords could potentially be compromised. While initial numbers are at 100 million users affected, data breaches are often much larger than first reported. Whether you have been notified by Quora or not, if you have an account with the company, change your password immediately. It will take only a few seconds and could potentially save other accounts from being breached.
