A cyber breach in Starwood's reservation system had allowed unauthorised access to information about as many as 500 million guests since 2014. Bloomberg
A cyber breach in Starwood's reservation system had allowed unauthorised access to information about as many as 500 million guests since 2014. Bloomberg

Marriott data breach: practical advice from a cybersecurity expert



The potential fallout from the Marriott’s Starwood data breach should be alarming to anyone who has stayed at a Starwood property in the last four years. Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud. Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft. At this point, however, it's unclear what level of exposure each individual victim has been subject to. Until then, all potential victims should assume the worst and take all necessary precautions to protect themselves from all manner of scams.

Sophos, a UK cybersecurity firm, recommends these tips:

Be on alert for "spear phishing"

Marriott has said that personal details associated with the Starwood Preferred Guests accounts have been compromised, and personal email addresses are vulnerable. This creates the perfect scenario for cyber-criminals to actually spear phish consumers because they have this type of detailed information. Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Be on alert for opportunistic phishing

Marriott said it will email Starwood Preferred Guests and those who may be impacted. Do not click on links in emails or other communication that seem to have come from Marriott or Starwood hotels. It’s possible that criminals will try to take advantage of this by sending malicious tweets or phishing emails that look like they’ve come from the company. Hover over URLs and links to see the address before you click. Look at the email address to see where it is from

Monitor your financial accounts

Reports indicate the attackers may have access to some members’ encrypted credit card information, but it’s not clear as of yet if this information can be decrypted; in general, monitor your credit card for suspicious activity. As a safety precaution, change the password to your online credit card account. If you use the same password for similar financial management websites, immediately change the password on those websites. As a best security practice, always choose a different, strong password for each sensitive account

Change your passwords

It’s not clear as of yet if the attackers have access to Starwood Preferred Guest account passwords, but as a safety precaution, consumers can change their password. If this password is also used for any financial accounts, change those immediately. Monitor your Starwood Preferred Guest account for suspicious activity

Don’t Google “Web Watcher”

Marriott is offering victims in the USA, UK and Canada a free, one year subscription to something it calls WebWatcher, which it describes as a service that monitors "internet sites where personal information is shared." Don't Google it. If you Google “WebWatcher” you won't find the monitoring service, you'll find lots of links to spyware of the same name. Don't sign up for that. Do follow the links to country-specific versions of the official breach site. You cannot sign up for monitoring from the main breach page, you have to go to the all-but-identical versions of the page for the US, UK or Canada

John Shier is senior security advisor at Sophos

FIXTURES

Thursday
Dibba v Al Dhafra, Fujairah Stadium (5pm)
Al Wahda v Hatta, Al Nahyan Stadium (8pm)

Friday
Al Nasr v Ajman, Zabeel Stadium (5pm)
Al Jazria v Al Wasl, Mohammed Bin Zayed Stadium (8pm)

Saturday
Emirates v Al Ain, Emirates Club Stadium (5pm)
Sharjah v Shabab Al Ahli Dubai, Sharjah Stadium (8pm)

How to avoid crypto fraud
  • Use unique usernames and passwords while enabling multi-factor authentication.
  • Use an offline private key, a physical device that requires manual activation, whenever you access your wallet.
  • Avoid suspicious social media ads promoting fraudulent schemes.
  • Only invest in crypto projects that you fully understand.
  • Critically assess whether a project’s promises or returns seem too good to be true.
  • Only use reputable platforms that have a track record of strong regulatory compliance.
  • Store funds in hardware wallets as opposed to online exchanges.
Moral education needed in a 'rapidly changing world'

Moral education lessons for young people is needed in a rapidly changing world, the head of the programme said.

Alanood Al Kaabi, head of programmes at the Education Affairs Office of the Crown Price Court - Abu Dhabi, said: "The Crown Price Court is fully behind this initiative and have already seen the curriculum succeed in empowering young people and providing them with the necessary tools to succeed in building the future of the nation at all levels.

"Moral education touches on every aspect and subject that children engage in.

"It is not just limited to science or maths but it is involved in all subjects and it is helping children to adapt to integral moral practises.

"The moral education programme has been designed to develop children holistically in a world being rapidly transformed by technology and globalisation."

Brief scores:

Manchester City 2

Gundogan 27', De Bruyne 85'

Crystal Palace 3

Schlupp 33', Townsend 35', Milivojevic 51' (pen)

Man of the Match: Andros Townsend (Crystal Palace)

Living in...

This article is part of a guide on where to live in the UAE. Our reporters will profile some of the country’s most desirable districts, provide an estimate of rental prices and introduce you to some of the residents who call each area home.