Marriott Attacked via Third-Party Vector, Exposing Info on 5.2 Million Customers

Image of Marriot logo on building
1 April 2020

Prevailion’s platform shows Evidence of Compromise in 2019 leading up to the incident in January.

Marriott International, Inc. is the latest victim in a string of cyber breaches targeting hotel chains, and Evidence of Compromise within Prevailion’s platform captured the key moments the organization veered into compromise territory and ultimately back to stable. 

Marriott disclosed the breach Tuesday in a statement that said information on 5.2 million of its guests may have been compromised. Marriott said the organization believes the attack began in mid-January 2020 with the logins of two employees at a franchise property. 

“At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020,” according to the organization’s update. 

That time frame is consistent with Evidence of Compromise in Prevailion’s Apex Platform, which shows an elevated level of compromise in early January, resolving into stable by January 21; along with other compromise events throughout late 2019 precipitating the attack.


Screenshot of Marriott International, Inc. from within Prevailion’s Apex Platform of Compromise Intelligence.

Prevailion CEO Karim Hijazi called Marriott’s circumstance “a clear example of third-party contagion risk.” 

An attack from a third-party vector grows increasingly likely as organizations expand their true perimeters with each new partner connection. But organizations are still grappling with how to obtain reliable optics on the activity within those third-party connections.

Read more about this hidden weakness and Prevailion’s Compromise Intelligence capabilities in our new white paper: Third-Party Cyber Defense: A New Level of Control & Visibility by Tracking the Adversary.

The Latest

Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond

Introduction: Prevailion’s Adversarial Counterintelligence Team (PACT) is using advanced infrastructure hunting techniques and Prevailion’s unparalleled visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign.  UNC1151 is likely a state-backed threat actor [1] waging an ongoing and far-reaching influence campaign that has targeted numerous countries across […]

Prevailion CEO, Karim Hijazi- Biden’s Cybersecurity Strategy

Prevailion CEO, Karim Hijazi, comments on lacking White House cybersecurity efforts Karim Hijazi lays out why Biden’s cybersecurity strategy lacks innovation and effectiveness to deal with modern adversaries already inside companies around the globe.    

Prevailion CEO, Karim Hijazi- Tmobile Hack

Prevailion CEO, Karim Hijazi, talks about the T-Mobile hack and cloned SIM cards Karim Hijazi says T-Mobile’s breach is the largest in carrier history and discusses SIM swapping and other forms of identity theft.    

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.