Hacker Claims That Hilton Hotels Data From 2017 On 3.7 Million Users Of Their Loyalty Program Is For Sale

Having personally been a victim in the Marriott hack where data on millions of guests went into the dark web, I am sensitive to other hacks of this type. Which is why this story about Hilton Hotels got my attention:

User data of Hilton Hotels have been put on sale on a dark web forum. A forum user under the alias IntelBroker has offered a database of 3.7 million users belonging to the Hilton Hotels Honors program.  

“Today I have uploaded the Hilton Hotels Honors 2017 Database for you to download,” said the post. 

According to the threat actor, the data contains personally identifiable information (PII) such as honors ID, address, name etc. However, the hotel group’s spokesperson denied any possibility of a data breach news.

“There is no evidence to suggest Hilton systems have been compromised, and we can confirm that no guest passwords, contacts or financial information have been disclosed,” the spokesperson told The Cyber Express.

“We are investigating this report closely and taking all appropriate measures to ensure the continued security of our Hilton Honors members’ and guests’ information.”   

So, until someone tests this claim by verifying the information, which to be clear dates back to 2017, we have no confirmation that this is legit. And even though Hilton was previously pwned in 2015, there’s no indication that they have been pwned again. At least not yet.

David McCaw, Co-Founder & CRO, Dasera had this to say:

“The recent alleged data breach of Hilton Hotels’ Loyalty Program is a bit unsettling. With the high probability of any company being the victim of a data breach, it’s worrying that a hacker could possibly lie about a data breach of this magnitude and draw attention, eroding at least a bit of the organization’s reputation. Regardless, Hilton’s prompt response and due diligence into the alleged hack should be commended. Data security is of the utmost importance, and more than anyone, Hilton understands the concerns the recent news may have caused for its customers, myself being one of them. We all need to fully accept and recognize that data breaches can happen to any organization and it is crucial to have strong data governance and security measures in place to prevent them. This includes regular security audits, access controls, encryption, employee training on security best practices, and incident response plans in case of a security breach. We hope for Hilton’s and their customers’ sake that the situation will be resolved quickly and efficiently and that they remain committed to keeping their customers’ personal information secure.”

This is one of those situations where we will have to watch and see if this is legit and how bad it is. And more importantly, how Hilton responds to it.
