Categories
Security

The Marriott hotel chain has been hit by another data breach

The Marriott International hotel chain has confirmed that it has been hit by yet another data breach that exposed staff and customer information – an unfortunate security incident for a company that was affected by a number of major hacks in recent years.

In the latest incident, first reported by DataBreaches.net, hackers are reported to have stolen around 20GB of data, including confidential business documents and customer payment information, from the BWI Airport Marriott in Baltimore, Maryland. Redacted sample documents published by DataBreaches appear to show credit card authorization forms, which would give an attacker all of the details needed to make fraudulent purchases with a victim’s card.

Melissa Froehlich Flood, a spokesperson for the Marriott, told The Verge that the company was “aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer.” Before going public with the hack, the threat actor had tried to extort the hotel chain but no money was paid, Froehlich Flood said.

The threat actor did not gain access to Marriott’s core network and accessed information that “primarily contained non-sensitive internal business files,” the spokesperson said. But, nonetheless, Marriott is preparing to notify between 300 and 400 individuals about the data breach. Law enforcement agencies have also been notified, she said.

Based on current reports, the latest incident is far less severe than previous hacks that have targeted the hotel chain. In 2018, Marriott revealed that it had been hit by an enormous database breach that affected up to 500 million guests of the Starwood hotel network, which was acquired by Marriott in 2016. Two years later, another data breach in 2020 exposed the personal information of 5.2 million guests.

“As this latest data breach demonstrates, organizations that are victims of previous attacks are more likely to be targeted in the future,” said Jack Chapman, VP of threat intelligence at cloud security provider Egress. “Social engineering is a highly effective tool and cybercriminals know that an organization’s people are its biggest vulnerability – which is why they return to this technique again and again.”

Repost: Original Source and Author Link

Categories
Tech News

Disney MagicMobile lets you into parks, rides, and hotel rooms with your phone

Disney today revealed that it will soon offer smartphone NFC access points at its parks through new functionality it’s calling MagicMobile. Those who frequent Disney parks are likely already familiar with the MagicBand, which is a physical band visitors wear on their wrist that allows them to carry out a number of functions by simply waving the band in front of an access point. MagicMobile seems to work a lot like the MagicBand, only it drops the physical wristband in favor of a smartphone.

In fact, Disney directly compares the two in its announcement today, saying that MagicMobile is “a convenient and contactless way to access MagicBand features like theme park entry through the power of your iPhone, Apple Watch or other smart device.” MagicMobile users will first need to create a MagicMobile pass using the My Disney Experience app and then add it to their device’s digital wallet before it can be used in parks, but once that’s done, Disney says that most functionality can be access just by holding your phone up to an access point.

Disney doesn’t get too specific about what MagicMobile will be capable of, but knowing what MagicBand already does, we should be able to make some educated guesses. In addition to allowing park entry, MagicBand can also be used to unlock your hotel door within Disney Resorts, check in at FastPass+ entrances, save Disney PhotoPass images to your Disney account, and even charge food and other products you purchase in the park to your hotel room (assuming, again, that you’re staying at a Disney Resort when you visit).

So, it seems safe to assume that MagicMobile will be capable of all of those things as well, and Disney says that users will have their choice of using a physical MagicBand or a MagicMobile pass (or both at the same time) when they visit a park.

Disney doesn’t say when, precisely, MagicMobile will roll out, but it previously said that it was targeting a 2021 launch for the service. As the statement we quoted above suggests, Disney says that MagicMobile will roll out on Apple devices first, with no word on when the service might come to Android. We’ll let you know when Disney reveals more, so stay tuned.

Repost: Original Source and Author Link