Pedestrians walk past a Marriott International Inc. hotel in Chicago, Illinois, U.S., on Friday, Nov. 30, 2018. A cyber breach in Starwood's reservation system had allowed unauthorized access to information about as many as 500 million guests since 2014. Photographer: Daniel Acker/Bloomberg
A cyber breach in Starwood's reservation system had allowed unauthorised access to information about as many as 500 million guests since 2014. Bloomberg

Marriott data breach: practical advice from a cybersecurity expert



The potential fallout from the Marriott’s Starwood data breach should be alarming to anyone who has stayed at a Starwood property in the last four years. Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud. Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft. At this point, however, it's unclear what level of exposure each individual victim has been subject to. Until then, all potential victims should assume the worst and take all necessary precautions to protect themselves from all manner of scams.

Sophos, a UK cybersecurity firm, recommends these tips:

Be on alert for "spear phishing"

Marriott has said that personal details associated with the Starwood Preferred Guests accounts have been compromised, and personal email addresses are vulnerable. This creates the perfect scenario for cyber-criminals to actually spear phish consumers because they have this type of detailed information. Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Be on alert for opportunistic phishing

Marriott said it will email Starwood Preferred Guests and those who may be impacted. Do not click on links in emails or other communication that seem to have come from Marriott or Starwood hotels. It’s possible that criminals will try to take advantage of this by sending malicious tweets or phishing emails that look like they’ve come from the company. Hover over URLs and links to see the address before you click. Look at the email address to see where it is from

Monitor your financial accounts

Reports indicate the attackers may have access to some members’ encrypted credit card information, but it’s not clear as of yet if this information can be decrypted; in general, monitor your credit card for suspicious activity. As a safety precaution, change the password to your online credit card account. If you use the same password for similar financial management websites, immediately change the password on those websites. As a best security practice, always choose a different, strong password for each sensitive account

Change your passwords

It’s not clear as of yet if the attackers have access to Starwood Preferred Guest account passwords, but as a safety precaution, consumers can change their password. If this password is also used for any financial accounts, change those immediately. Monitor your Starwood Preferred Guest account for suspicious activity

Don’t Google “Web Watcher”

Marriott is offering victims in the USA, UK and Canada a free, one year subscription to something it calls WebWatcher, which it describes as a service that monitors "internet sites where personal information is shared." Don't Google it. If you Google “WebWatcher” you won't find the monitoring service, you'll find lots of links to spyware of the same name. Don't sign up for that. Do follow the links to country-specific versions of the official breach site. You cannot sign up for monitoring from the main breach page, you have to go to the all-but-identical versions of the page for the US, UK or Canada

John Shier is senior security advisor at Sophos

The Facility’s Versatility

Between the start of the 2020 IPL on September 20, and the end of the Pakistan Super League this coming Thursday, the Zayed Cricket Stadium has had an unprecedented amount of traffic.
Never before has a ground in this country – or perhaps anywhere in the world – had such a volume of major-match cricket.
And yet scoring has remained high, and Abu Dhabi has seen some classic encounters in every format of the game.
 
October 18, IPL, Kolkata Knight Riders tied with Sunrisers Hyderabad
The two playoff-chasing sides put on 163 apiece, before Kolkata went on to win the Super Over
 
January 8, ODI, UAE beat Ireland by six wickets
A century by CP Rizwan underpinned one of UAE’s greatest ever wins, as they chased 270 to win with an over to spare
 
February 6, T10, Northern Warriors beat Delhi Bulls by eight wickets
The final of the T10 was chiefly memorable for a ferocious over of fast bowling from Fidel Edwards to Nicholas Pooran
 
March 14, Test, Afghanistan beat Zimbabwe by six wickets
Eleven wickets for Rashid Khan, 1,305 runs scored in five days, and a last session finish
 
June 17, PSL, Islamabad United beat Peshawar Zalmi by 15 runs
Usman Khawaja scored a hundred as Islamabad posted the highest score ever by a Pakistan team in T20 cricket

What is the Supreme Petroleum Council?

The Abu Dhabi Supreme Petroleum Council was established in 1988 and is the highest governing body in Abu Dhabi’s oil and gas industry. The council formulates, oversees and executes the emirate’s petroleum-related policies. It also approves the allocation of capital spending across state-owned Adnoc’s upstream, downstream and midstream operations and functions as the company’s board of directors. The SPC’s mandate is also required for auctioning oil and gas concessions in Abu Dhabi and for awarding blocks to international oil companies. The council is chaired by Sheikh Khalifa, the President and Ruler of Abu Dhabi while Sheikh Mohamed bin Zayed, Abu Dhabi’s Crown Prince and Deputy Supreme Commander of the Armed Forces, is the vice chairman.