Basically if you’ve stayed at Starwood’s hotel brands that include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton - your information is pwned
name address phone number email address passport number account information date of birth gender arrival and departure information
how they have so many people?
Starwood is one of the largest international hotel chains
read: all guest stay details since ~2014
luckily I can change my passport number quite easily – thanks to my newfangled e-ink passport
Is that for real? E ink passport?
just imagine: single use passport numbers
I think this should just teach folks everywhere to rarely share accurate details that are never used with folks that don’t need the details. Typically there are no consequences for providing a wrong birthdate / address / phone / passport#
1Password should implement an identity generator
So I can have a unique identity for every property
I like that idea
can it also make up unique answers to “security” questions too ?
But let 1p keep track of it so I am not stuck in identity verification hell
@tamsky an e-ink passport?
Ah, as someone that has worked at the UK passport office that sounded interesting :D
So the sad part is, they store everything, but when you checkin at the hotel you still wait 10 minutes for the clerk to type everything over again and again
Next hack will be Hertz & Enterprise
https://www.gemalto.com/govt/travel/security-printing – apparently counterfeiting is still a thing
Security Printing solutions for national passport integrity : an expert guide on how best Gemalto use paper elements to protect any principles of passport design.
Stuff like this makes GDPR is a very needed initiative.. Policy.
I dunno, I feel like fines, or the threat of fines, won’t prevent these events
fines don’t get anyone’s data back
Fines will make companies do more to prevent things like this to happen. Personal data must be spread out, and for warehousing it must be anonimized for example. Also the retention of data is a topic.
I was a customer of Mariott in 2015.. why is my data still there ?
agree with all that
Rules on the length of time personal data can be stored and whether it needs to be updated under the EU’s data protection rules.
Aye, I know UK PCI mandates data can only be stored for a year, not sure about PII
@Erik Osterman (Cloud Posse) set the channel topic:
EDIT 26/11/2018: Am I affected?: If you are using anything crypto-currency related, then maybe. As discovered by @maths22, the target seems to have been identified as copay related libraries. It on…
Aye, people giving maintainer quite a lashing
yea, it’s given me pause
we also maintain
cloudposse/packages which basically bundles other repos binaries
need something like that for npm
blockchain for packages lol
I don’t feel like a web of trust helps prevent the attack; and only marginally affects the ability to cast blame. Malicious code/package changes could happen, but a developer may be only guilty of having their signing key compromised.
security is always just about layers
a developer can also be held at gun point
^^ Sounds like suggesting a key signing party. Weird places
I’m still waiting for the first malicious Ubuntu PPA
On the eve of re:Invent 2018, I’m pleased to announce that AWS is launching our first conference dedicated to cloud security: AWS re:Inforce. The event will offer a deep dive into the latest approaches to security best practices and risk management utilizing AWS services, features, and tools. Security is the top priority at AWS, and […]
Uh oh, think solar winds properties were hacked
Wow they are planning a 500m IPO
The provider of IT management solutions, currently owned by two private equity giants, has expanded its cloud capabilities this year through two major acquisitions
Okay, maybe not hacked https://mobile.twitter.com/geekmuse/status/1064604275089842177