Chinese Hackers Reportedly Behind Marriott Data Breach Affecting 500 Million Customers

Officials close to the investigation say those customers affected could be approached and recruited as spies.


After conducting an initial investigation into last month’s security breach of Marriott’s Starwood chain hotel reservation system, U.S. government investigators believe that Chinese state hackers are to blame. The breach of the reservation system used by Marriott’s Starwood subsidiaries is one of the largest in American history.

The breach exposed the private information and travel itineraries of as many as 500 million Marriott customers, reports the Washington Post. The investigation has not been completed yet, but officials close to the case believe the tactics of the hack indicate that it was executed by people affiliated with the Chinese Ministry of State Security.

An internal security tool flagged the possible breach on September 8, and later revealed that the hackers had accessed critical customer information — and tried to remove it in encrypted form, the company said. It wasn’t until November that Marriott was able to decrypt the information and understand the extent of the breach.

The MSS, an intelligence and security agency, has been accused of instigating many Chinese government intrusions into U.S. networks in recent years. Some U.S. intelligence officials speculate that the breach of Marriott’s system was conducted to expand the Chinese data sets that hackers have been accruing for years on citizens of the U.S. and of other competing nations.

Such breaches include the 2015 Office of Personnel Management intrusion, which compromised the personal data of more than 20 million government employees, family members, and applicants. Information also was collected during Chinese breaches of health-care institutions, such as Anthem and CareFirst.

The Marriott breach leaked a wide array of personal information including names, addresses, phone numbers, passport numbers, and credit card numbers — as well as travel plans. Such identifiable information is regularly used by criminals aiming to commit identity fraud, but also by intelligence agencies working to build dossiers. From there, intelligence agencies might track the movements of people such as journalists, business executives, military personnel, spies, and diplomats.

Apparently, an intelligence agency can approach one of these individuals to see if he or she could be recruited as a spy — or be blackmailed for critical information. State actors may even go so far as to hold the hacked personal data as leverage, the Washington Post reported.

Officials close to the investigation allege that the Marriott breach utilized the same cloud-hosting space that Chinese state hackers have relied on with past hacks. One particular technique that called for hopping between servers also points the blame at the Chinese.

“If it were a criminal act, people would be trying to sell it,” said one of the people close to the investigation.

China’s foreign ministry declined to comment Wednesday. But last week, a spokesman stated that “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law.”