Malware found on hotel chain's PoS terminals


People staying at a Starwood-owned hotel or resort since last year have been warned to check their credit card statements for any transactions they didn't make, after it was disclosed that malware had infected the chain's point-of-sale terminals and could have stolen hotel users' personal and financial data.

Around 54 hotels run by Starwood are thought to have been affected by the security breach. The chain announced on Friday that a malware attack against its PoS systems had begun in November 2014.

The hotel chain used a third-party forensic company to investigate the breach. The investigation detected malware that affected certain restaurants, gift shops and other point-of-sale systems at the relevant Starwood properties. The chain said the malware "no longer presents a threat".

"We have no indication at this time that our guest reservation or Starwood Preferred Guest membership systems were impacted," Starwood President Sergio Rivera said in a letter to affected customers. "The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue."

The hotel chain said that guests should monitor their credit card statements and, if they believe their card has been affected, get in touch with their bank or card issuer.

The company has published a list of locations that were affected by the malware. This list also includes dates during which each location's systems were infected.

Ryan Wilk, director at NuData Security, said that while they can't know for sure what hackers' long-term plans are, it does seem credible that they are targeting specific industries that likely have the same exploits in order to maximise their efforts before moving on to the next industry.

"Once they get the card numbers, hackers then sell them on the Dark Web, use them directly in credit card cycling scams, or tie them to other data leaks to create full personas ripe for identity theft or fraudulent account creation, likely contributing to the overall increase in account takeovers we've seen, over 100 per cent increase since February 2015."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives.