Marriott experienced a data breach – Again!

Admir Dizdar

The hotel giant Marriott confirmed a new data breach, this time involving the personal information of 5.2 million guests.

According to the online notice Marriott posted on Tuesday, the attackers got in through an application that Marriott hotel properties use to provide services to guests.

Marriott discovered the breach at the end of February 2020. The attackers had been using the login credentials of two employees at a franchise property to access the application since mid-January, so they had several weeks of access before anyone noticed.

While Marriott said it had “no reason” to believe payment card data or account passwords were taken, names, mailing and email addresses, phone numbers, loyalty account details, dates of birth and other travel information were exposed in the breach.

Marriott is also forcing password resets for affected Bonvoy loyalty members, who will be prompted to enable multi-factor authentication on their accounts the next time they log in.

This is the second Marriott breach in two years

This was not the first time Marriott has suffered a data breach. In November 2018 Marriott disclosed that the guest reservation database of Starwood, which it had acquired in 2016, had been compromised since 2014, before the acquisition, and that up to 383 million guest records were exposed (the number of unique guests is lower, since many guests had more than one record).

The data included five million unencrypted passport numbers, in addition to more than 20 million encrypted passport numbers.

Passport numbers can be used for identity theft and fraud. They are also highly valuable to intelligence services, which can use them to work out where government officials, diplomats and adversaries have stayed, and so gain insight into activities that would ordinarily be clandestine.

Marriott also stated that 8.6 million encrypted payment card numbers were taken, of which only about 354,000 were unexpired at the time the breach was discovered.

Marriott said the card numbers were encrypted with AES-128 and that it had found no evidence the attackers obtained the two components needed to decrypt them, but it did not explain how it reached that conclusion.
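The difference between the unencrypted passport numbers and the encrypted card numbers above is the whole game: a stolen table of properly encrypted fields is worthless without the key, but only if the key is held outside the database. The following Go program is an added example, not Marriott's or Bright's code, showing field-level encryption of a passport number with AES-256-GCM where the key comes from a separate key service (simulated here by random generation; the record type, field names and the `guest-42` identifier are hypothetical). The record ID is bound to the ciphertext as additional authenticated data so a ciphertext cannot be quietly moved to another row:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// GuestRecord is a hypothetical reservation-database row. The passport number
// is stored only as AES-GCM ciphertext; the key never lives in this table.
type GuestRecord struct {
	ID             string
	Name           string
	PassportCipher []byte // nonce || ciphertext+tag
}

// NewFieldKey stands in for fetching a 256-bit data-encryption key from a key
// service that is separate from the database (a KMS or HSM in practice; this
// is an assumption of the example, not a real key-service call).
func NewFieldKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField encrypts one sensitive field with AES-256-GCM. The record ID is
// passed as additional authenticated data, so a ciphertext copied from another
// row fails to decrypt instead of silently yielding someone else's passport.
func EncryptField(key []byte, plaintext, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nil, nonce, []byte(plaintext), []byte(recordID))
	return append(nonce, sealed...), nil
}

// DecryptField reverses EncryptField; a wrong key, a wrong record ID or a
// modified byte makes gcm.Open return an error rather than garbage.
func DecryptField(key, blob []byte, recordID string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(recordID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// DumpLeaksPassport models what an attacker who exfiltrates only the table
// gets: true if the raw row bytes still contain the passport number.
func DumpLeaksPassport(rec GuestRecord, passport string) bool {
	dump := append([]byte(rec.ID+"|"+rec.Name+"|"), rec.PassportCipher...)
	return bytes.Contains(dump, []byte(passport))
}

func main() {
	key, err := NewFieldKey()
	if err != nil {
		panic(err)
	}
	const passport = "P12345678" // constructed sample value, not real data
	ct, err := EncryptField(key, passport, "guest-42")
	if err != nil {
		panic(err)
	}
	rec := GuestRecord{ID: "guest-42", Name: "A. Traveller", PassportCipher: ct}
	fmt.Printf("stored: %x\n", rec.PassportCipher)
	fmt.Println("plaintext visible in dump:", DumpLeaksPassport(rec, passport))

	pt, err := DecryptField(key, rec.PassportCipher, "guest-42")
	fmt.Println("with key and matching record:", pt, err)
	_, err = DecryptField(key, rec.PassportCipher, "guest-43")
	fmt.Println("ciphertext moved to another row:", err)
}
```

The design point is the separation: the attacker in the Starwood case had to steal two things, the table and the key material, and an organisation can only make the "no evidence the keys were taken" claim credibly if key access is logged somewhere the database compromise does not reach.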

The company said the stolen data came from the Starwood guest reservation database, which Marriott took over along with Starwood and its roughly 1,200 properties in 2016.

Starwood’s security lapse was one of the largest data breaches disclosed that year, and it remains one of the most damaging hacking incidents in recent history.

In response to that breach, the UK Information Commissioner’s Office announced its intention to fine Marriott £99 million (about $123 million) under the GDPR.

5 Common Causes for Data Breaches That Businesses Should Watch Out For

We compiled this list to help organizations prepare for, and prevent, a breach like the one described above.

No business wants the damage to its reputation and the financial loss that follow a data breach. To build a robust data security and network security strategy, you first need to understand what causes a data breach. Here are some of the most common causes to watch out for:

  • Software or network vulnerabilities
  • Accidental employee mistakes
  • Malicious misuse by an employee
  • Malware attacks
  • Failure in the security of a physical device

Software or network vulnerabilities

Any software vulnerability that isn’t patched promptly after it is discovered is a convenient target for attackers. Test your software and find those vulnerabilities before the attackers do. If you can’t find the time or resources to test the software manually, use an automated application security testing solution such as Bright.

Also, stay away from pirated software. The fact that it is illegal should be reason enough to avoid it, but what makes it worse is that it frequently comes bundled with malware.

Since the network acts as a layer of protection, faults in network design or deployment, such as a flat network with no segmentation or management interfaces exposed to the internet, can also lead to a data breach.

Accidental employee mistakes

From falling for a phishing scam to losing documents containing confidential information, there is a wide range of mistakes employees can make that cause a data breach. A lack of proper cybersecurity training and of clear, enforced security policies is usually behind these mistakes.

Malicious misuse by an employee

Unlike unintended employee mistakes, malicious misuse by an employee is something much more serious: someone on the inside is intentionally taking or sharing confidential business information for personal gain. This cause of a data breach is extremely difficult for an organization to foresee. Defining clear user roles and granting each role only the permissions its job requires limits how much data any single employee, or anyone holding that employee’s credentials, can reach, and monitoring how much data each account actually touches is what lets you catch the abuse when it happens.

Malware attacks

Malvertising and phishing are among attackers’ favourite ways of spreading malware. Once malware lands on one system it can quickly move across the network and infect other systems in its path. Installing anti-malware software and keeping it updated is a must for any business, and so is educating employees about phishing and malvertising.

Failure in the security of a physical device

A data breach can also happen when a device is no longer under your control, that is, when it is lost or stolen. Such devices range from mobile devices like laptops, smartphones and storage media to servers. It is important to keep devices physically secure in the first place, but it is equally important to take extra measures, such as full-disk encryption, so that the data on a lost device stays protected.

Stay safe out there!
