On November 30th, Marriott, owner of Starwood (SPG), announced a substantial breach of their loyalty program system, revealing names, email addresses, and other sensitive information. There are many articles posted regarding this breach, but here is one to start our discussion: https://www.pcworld.com/article/3324609/security/marriott-starwood-hotel-data-breach-faq.html
After reading this, or another article, what takeaways or lessons learned do you have?
- From the viewpoint of an ethical hacker – How can you learn and use (or avoid) techniques in your engagements?
- From the viewpoint of an architect or defender of systems, what lessons learned do you glean from this breach?