Marriott's poor data breach response is putting victims at risk of phishing

Last Thursday, Marriott sent out millions of emails warning of a massive data breach: some 500 million guest reservations had been stolen from its Starwood database.
One problem: the email sender's domain didn't look like it came from Marriott at all.
Marriott sent its notification email from , which is registered to a third-party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate: the domain doesn't load and has no identifying HTTPS certificate. In fact, there's no easy way to check that the domain is real, except a buried note on Marriott's data breach notification site that confirms the domain as legitimate.
But what makes matters worse is that the email is easily spoofable.
What often happens after a data breach is that scammers capitalize on the news cycle, tricking users into handing over their private information with their own stream of fake messages and websites. It's more common than you think. People who believe they're at risk after a breach are more susceptible to being duped.
Companies should host any information on their own websites and verified social media pages to stop bad actors from hijacking victims for their own gain. But once you start setting up a dedicated, off-site page with its own unique domain, you have to consider the cybersquatters: those who register look-alike domains that differ from the real one by only a character or two.
Take . To the untrained eye, it looks like the legitimate domain, but many wouldn't notice the misspelling. It actually belongs to Jake Williams, founder of Rendition Infosec, who registered it to warn users not to trust the domain.
"I registered the domains to make sure that scammers didn't register the domains themselves," Williams told TechCrunch. "After the Equifax breach, it was obvious this would be an issue, so registering the domains was just a responsible move to keep them out of the hands of criminals."
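Williams's move generalizes into a routine check that any team announcing a breach can run before the notification goes out. The Python below is an added example, not part of the TechCrunch article and not tooling from Marriott, CSC or Rendition Infosec: it enumerates the one-typo look-alikes of a notification domain (dropped, doubled and transposed characters, a dropped hyphen, and common homoglyph swaps) so a defender can pre-register or monitor them, and it classifies the domain in an incoming From: address against the announced one. The domain email-example.com and the homoglyph table are constructed placeholders, not the domain Marriott used.

```python
import string

# Visually confusable substitutions a squatter reaches for (constructed
# list for this example; extend to taste).
HOMOGLYPHS = {
    "o": ["0"],
    "l": ["1", "i"],
    "i": ["l", "1"],
    "m": ["rn"],
    "rn": ["m"],
    "w": ["vv"],
    "vv": ["w"],
}

LABEL_CHARS = set(string.ascii_lowercase + string.digits + "-")


def typosquat_variants(domain: str) -> set:
    """Return look-alike domains within one typo of `domain`.

    Only the registrable label is mutated; the TLD is kept so the output
    can go straight to a registrar or a monitoring job. Candidates that
    are not valid DNS labels (empty, leading/trailing hyphen, bad chars)
    are dropped.
    """
    label, _, tld = domain.lower().rpartition(".")
    if not label or not tld:
        raise ValueError("expected a registrable domain such as example.com")
    candidates = set()
    n = len(label)
    for i in range(n):
        candidates.add(label[:i] + label[i + 1:])                 # dropped char
        candidates.add(label[:i] + label[i] * 2 + label[i + 1:])  # doubled char
    for i in range(n - 1):
        if label[i] != label[i + 1]:                              # transposition
            candidates.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    if "-" in label:
        candidates.add(label.replace("-", ""))                    # hyphen dropped
    for src, repls in HOMOGLYPHS.items():                         # homoglyph swaps
        start = 0
        while (idx := label.find(src, start)) != -1:
            for repl in repls:
                candidates.add(label[:idx] + repl + label[idx + len(src):])
            start = idx + 1
    candidates.discard(label)
    return {
        f"{c}.{tld}" for c in candidates
        if c and c[0] != "-" and c[-1] != "-" and set(c) <= LABEL_CHARS
    }


def classify_sender(from_address: str, legitimate_domain: str) -> str:
    """Classify the domain in a From: address against the announced one.

    Returns "legitimate" for an exact match, "lookalike" for a one-typo
    variant, and "unrelated" otherwise. The look-alike case is the one
    the article warns about: the reader sees the expected brand name and
    stops checking.
    """
    sender_domain = from_address.rsplit("@", 1)[-1].strip(" >").lower()
    legitimate_domain = legitimate_domain.lower()
    if sender_domain == legitimate_domain:
        return "legitimate"
    if sender_domain in typosquat_variants(legitimate_domain):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed placeholder domain, not the one Marriott used.
    announced = "email-example.com"
    variants = sorted(typosquat_variants(announced))
    print(f"{len(variants)} look-alikes of {announced} to register or watch, e.g.:")
    for v in variants[:10]:
        print("  ", v)
    for addr in ("Example <noreply@email-example.com>",
                 "Example <noreply@emailexample.com>",
                 "Example <noreply@email-exarnple.com>",
                 "support@mail.example.net"):
        print(f"{addr!r:48} -> {classify_sender(addr, announced)}")
```

The variant set is deliberately conservative (one edit away) because that is what a registrar budget can absorb; a monitoring job that only needs to alert, not buy, can afford to widen it to two edits or add TLD swaps. Pre-registering the hyphen-free form is worth singling out, since a sender domain that itself contains a hyphen, like the one in this story, invites exactly that variant.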
