Chinese Government Suspected in Marriott Hack: Report

The massive Marriott data breach affecting as many as 500 million individuals may be the work of hackers sponsored by the Chinese government, Reuters learned from several people investigating the incident.

Reuters’ sources said the hackers left behind some clues suggesting that the attack was part of an intelligence gathering operation conducted by the Chinese government. This assumption is based on the use of tools, techniques and procedures (TTPs) known to be associated with Chinese threat actors.

The potential involvement of the Chinese government in the breach suggests that the goal was espionage rather than financial gain.

However, Reuters’ sources admitted that since some of the hacking tools used in the attack are widely available, someone other than China could be behind the operation. Attribution is also made difficult by the fact that Marriott’s Starwood network had been compromised since 2014, which makes it more likely that several threat groups had access.

Marriott has refused to comment on the China attribution and representatives of the Chinese government reiterated that they oppose all types of cyberattacks.

China has been the main suspect in several high-profile attacks, including the massive breach disclosed by the U.S. Office of Personnel Management (OPM) in 2015.

Experts told Reuters that a cyber espionage operation could not be ruled out, especially judging by the duration of the campaign and the fact that the attackers managed to stay hidden for so long. Financially motivated cybercriminals are typically more interested in obtaining the data quickly, even if their activities are more likely to be detected by the victim.

In January, China ordered Marriott to suspend its Chinese website and app for one week after a survey sent out by the company listed Tibet and Taiwan as countries – China says Tibet and Taiwan are its territory.

Marriott revealed on November 30 that roughly 500 million individuals who had stayed at Starwood hotels may have had their personal information stolen by hackers. The attackers accessed names, addresses, phone numbers, email addresses, passport numbers, travel information and, in some cases, payment card data.

The hotel giant learned of the breach on September 8, when one of its internal security tools detected suspicious activity related to the Starwood guest reservation database. The investigation launched by the company revealed that the unauthorized access may have dated as far back as 2014.

Unsurprisingly, several lawsuits have been filed against Marriott over the data breach, by both customers and investors.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
