After the Massive Marriott Data Breach, 1 Important Thing You Can Do to Better Protect All Your Online Accounts
To protect yourself from website data breaches and hackers, this is one of the most effective actions to take.
PHOTO CREDIT: Getty Images
Marriott just announced one of the biggest data breaches to date. Data from up to 500 million accounts from its Starwood reservation system were exposed. Even more alarming is that hackers had access to this information over four years. Cool.
What information was exposed
Hackers copied information from the Starwood guest reservation database. According to Marriott's frequently asked questions about the breach, the following personal information was exposed:
Payment card numbers
Payment card expiration dates
Starwood Preferred Guest ("SPG") account information
Dates of birth
Arrival and departure information
If you made a reservation at a Starwood property between 2014 and September 10, 2018, your personal data was likely exposed. Marriott hotels operate on a separate reservation system and were not affected. Starwood is beginning to notify people via email if they were affected.
What to do about the Marriott breach
There's a laundry list of actions you should take to protect yourself.
- Monitor your Starwood account for suspicious activity.
- Keep an eye on your bank statements for strange charges.
- Some security experts are recommending you freeze your credit, which would prevent anyone from applying for loans or credit cards in your name.
- Don't click emails asking for your personal info, even if they look official. (Any official emails coming from Marriott will come from email@example.com.)
Marriott is also offering a free year to a service called WebWatcher, which will monitor your the internet for your personal info. You can sign up on the Marriott breach information page.
Above all, do 1 thing to better protect your online accounts
If you have a Starwood online account, changing your password is also smart move. But if you do one thing, it's this: Also change your password in every single place where you've reused that same password. Use a different and unique password for every account. And definitely create a password that's on the most commonly used passwords list.
Hackers love when you use the same password on multiple accounts. Because now they can try to log in to all sorts of accounts -- and often times they will succeed.
If someone got their hands on your email address and password from the Starwood breach, they can write a simple program to try that same combination on thousands of websites at once. Bank websites. Email clients. Anything really.
It's time for some digital housekeeping
Most of us have hundreds of online accounts. Who's going to remember hundreds of passwords? No one.
That's what a password manager is for. The beauty of a password manager is that you don't have to remember any of your passwords. The software does it for you. You just need to remember one: the password you use to log in to your password manager.
A password manager saves all your passwords, then autofills them into websites and apps for you. It can also generate strong, unique passwords. Troy Hunt, a security expert who manages the a large database of data breaches, says the most secure password is one you can't remember.
Getting set up with a password manager and changing all your passwords isn't hard. It just takes time. But it's really one of the best things you can do to boost the security of all your online accounts -- and give you better peace of mind. There's little you can do to prevent data breaches from happening, and unfortunately they're becoming more common. But you can take steps to protect your data, starting with better, unique passwords.
At the very least, do it for all accounts that contain any deeply personal information or financial information, such as your email accounts, bank accounts, and retirement accounts. You'll feel much better that you did.