A juicy new tidbit has been discovered as part of the massive hack of Marriott we told you about just a week ago that included an unauthorized party gaining access to the hotel’s Starwood guest reservation database in September.
According to a Reuters report, we may know who was behind the hack. Three sources claim that private investigators found clues suggesting that the hack was a Chinese government intelligence-gathering operation.
There are, however, some important caveats to note. From Reuters: “Chinese hackers may have been behind a campaign designed to collect information for use in Beijing’s espionage efforts and not for financial gain, two of the sources said.
“While China has emerged as the lead suspect in the (Marriott) case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online.”
Marriott’s systems were apparently a mess, security-wise. Investigators have had a tough time identifying a culprit with certainty, that report continues, because of the fact that multiple hacking groups may have been inside the hotel’s computer networks for the last four years. (At the same time as each other!)
If China is indeed behind the attack, this is one more dicey complication in the US-China relationship that’s been rocked just in recent days alone by tariff talk from President Trump, the arrest of Huawei’s CFO and now this.
In terms of background about what happened, Marriott has said it first became aware of the breach on September 8th when an internal security tool flagged an attempt by someone trying to access the reservation database. After consulting with outside security experts, the hotel chain realized that someone had been accessing the database since 2014 and had been copying all sorts of sensitive information.
All told, information involving upwards of 500 million guests were compromised over the last four years. Among the information that was compromised, Marriott has acknowledged such data includes names, mailing address, phone numbers, email addresses, passport numbers, date of birth, gender and more for about 327 million guests. So, basically, just about everything important that a hacker would find valuable.