Security Week 49: Hacking Dell and Marriott

Security Week 49: Hacking Dell and Marriott Last week was marked by two major leaks of personal data of users. Dell company. identified 3r3633. intrusion into your own network. The addresses and names of clients, as well as hashed passwords, which were forcibly reset for all users, flowed away.
3r363 leak. in the hotel chain Marriott was bigger. Back in 201? hackers gained access to the Starwood Hotels customer database — this hotel chain was acquired by Marriott in 2016. 3r366.  3r376. 3r366.  3r376. Unauthorized access to the customer base was discovered only in September of this year. According to preliminary data, 500 million Starwood customers suffered, while 327 million guests lost their names, physical and electronic addresses, telephone and passport numbers, booking dates and other private information. This is a very serious leak, comparable to
attack 3r3633. on the yahoo service. 3r366.  3r376.
3r3633. 3r366.  3r376. In a fairly discreet
message 3r363. Dell’s website talks about detecting an attack on November 9th. For more than three weeks it was not possible to reliably establish the fact of theft of the user database; it is only known that unauthorized access to it took place. Forcefully resetting passwords for all Dell-registered customers is therefore an extra precaution. The company encourages its users to use strong passwords and not to reuse passwords on different services. 3r366.  3r376. 3r366.  3r376. It is interesting to look at
recommendations r3r363. Dell to create strong passwords. At least 8 characters, small and large letters, at least one number. Do not use obvious words, such as last name or street name. It is proposed to come up with a passphrase, from the first letters of which create a password. The reliability of password protection with the help of hashing on the company's side is also explained in detail: a specific algorithm is not disclosed, but it is reported that it was tested during an independent examination. 3r366.  3r376. 3r366.  3r376. In general, Dell is showing a good example of a cyber incident response: customers were notified, data leaks were stopped, a company was hired for a security audit, and law enforcement agencies were notified. And all this with a (presumably) small scale of data leakage, although this is not only a matter of passwords: the Dell customer list also has value and, alas, can be used for further attacks already on them. 3r366.  3r376. 3r366.  3r376.
3r3338.
3r366.  3r376. 3r366.  3r376. But Marriott is much more complicated. Judging by 3r344. post 3r363. companies, unauthorized access to the database of Starwood Hotels - an independent organization at the time - was received back in 201? and the purchase of a competing hotel chain did not help detect data leakage. Only on September 8 of this year, a certain “internal security system” recorded an attempt to access the database. Then there was an investigation, during which an encrypted copy of the database was found: presumably it was copied for subsequent exfiltration from the corporate network. The fact of downloading the database was not fixed, but given that the corporate network was hacked for four whole years, there is no doubt that the attackers had access to customer data. 3r366.  3r376. 3r366.  3r376. And to what? It was possible to estimate the damage after deciphering a copy of the data. An estimated 500 million Starwood customers have been affected. 327 million records contain complete information about the client: when he called in and left the hotel, mailing address, passport number, and so on. Information “on a number of customers” also included encrypted payment information — a credit card number and expiration date. There is a possibility that hackers have access to information that allows decrypting these payment data. For the rest (supposedly) 100+ million customers leaked limited information about the name and address. 3r366.  3r376. 3r366.  3r376. It can be assumed that the problem was precisely the integration of the newly acquired company, including its information services, more precisely, the lack thereof: Starwood continued to work as an independent structure after the purchase (partly because of that, the hotels owned directly by the Marriott network did not suffer). It is clear that such large business transactions take a very long time, and it is possible that the data leak was detected just during an attempt to merge two different IT systems. Affected customers are promised email notifications and offer a free subscription to a service that tracks the appearance of private data on the network. Promised and increased security corporate infrastructure Starwood. 3r366.  3r376. 3r366.  3r376. Marriott data leakage has a lot in common with the identity theft of Yahoo email users. Then, a data leak of about 500 million users was also detected, and the hacking also could not be detected for a long time - the leak allegedly occurred in 201? and revealed it in 2016. In October last year, another incident became known, during which the data of all three billion users of the company allegedly leaked. Finally, Yahoo at the time was in the process of negotiating the sale of Verizon’s business, but the leakage became known before the transaction, not after. As a result, the value of the company during the takeover fell by $ 350 million - consider direct financial damage from a cyber attack. 3r366.  3r376. 3r366.  3r376. Even if the data from Starwood’s clients ’credit cards did not suffer, cybercriminals actively monetize access to the loyalty programs of the hotel chains themselves. In a small
study
You can get an idea of ​​the value of accounts of various services on the black market by the cybercriminal quotations of Kaspersky Lab expert David Jacobi. Accounts Netflix, Spotify, Steam go for a couple of dollars apiece at retail, and for a few cents - if in bulk. For $ 1? you can get 100 thousand combinations of email and password users from a particular country. Regular change of passwords and the use of a unique password for each service will definitely benefit everyone, regardless of the news of the next major hack. 3r366.  3r376. 3r366.  3r376. Disclaimer: The opinions expressed in this digest may not always coincide with the official position of Kaspersky Lab. Dear editors generally recommend to treat any opinions with healthy skepticism.
3r376. 3r376. 3r376.
3r376.
+ 0 -

Add comment