Disclaimer: I did a lot of the work for marriott.com to run Microservices about 3+ years ago.
With that said, this is surprising to me: Information Protection at Marriott was one of the biggest hurdles to get the new version of their .com up and running, and the 2018 hack came from the Starwood Acquisition.
This one? There's really no good excuse for. Well, forcing employees to change their password every 30 days and keeping 12 months of password retention probably didn't help (super common to just suffix the month/year with your known password to get around that check). Either that, or it was a genuine bad actor/employee inside MI. Anything's possible, I guess.
With that said, this is surprising to me: Information Protection at Marriott was one of the biggest hurdles to get the new version of their .com up and running, and the 2018 hack came from the Starwood Acquisition.
This one? There's really no good excuse for. Well, forcing employees to change their password every 30 days and keeping 12 months of password retention probably didn't help (super common to just suffix the month/year with your known password to get around that check). Either that, or it was a genuine bad actor/employee inside MI. Anything's possible, I guess.