20 hotels suffer hack costing tens of thousands their credit card information

(credit: HEI Hotels & Resorts)

The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts—said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. HEI claims that it did not lose control of any customer PINs, as they are not collected by the company’s systems.

Still, HEI noted on its website that it doesn’t store credit card details either. “We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the company said.

The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016. In a few cases, hotels may have been affected as early as March 1, 2015. According to a statement on HEI’s website, the malware affected point-of-sale (POS) terminals at the affected properties, but online booking and other online transactions were not affected.

Read 4 remaining paragraphs | Comments

20 hotels suffer hack costing tens of thousands their credit card information

(credit: HEI Hotels & Resorts)

The chain that owns Starwood, Marriott, Hyatt, and Intercontinental hotels—HEI Hotels & Resorts—said this weekend that the payment systems for 20 of its locations had been infected with malware that may have been able to steal tens of thousands of credit card numbers and corresponding customer names, expiration dates, and verification codes. HEI claims that it did not lose control of any customer PINs, as they are not collected by the company’s systems.

Still, HEI noted on its website that it doesn’t store credit card details either. “We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the company said.

The breach appears to have hit 20 HEI Hotels, and in most cases, the malware appears to have been active from December 2, 2015 to June 21, 2016. In a few cases, hotels may have been affected as early as March 1, 2015. According to a statement on HEI’s website, the malware affected point-of-sale (POS) terminals at the affected properties, but online booking and other online transactions were not affected.

Read 4 remaining paragraphs | Comments

Hotel credit card wrong transaction email malware attack

Be on your guard! Emails claiming to be from a hotel about a wrong transaction on your credit card are being spammed worldwide – with the intention of infecting your computer with a malware.

Here’s a typical example. In this case it claims to come from the booking department of the Hotel Swissotel in Chicago:

Hotel malicious email

Hotel Swissotel Chicago made wrong transaction

Dear client!

We are sorry to inform you that on July 26th, 2011 Hotel transaction debiting from your account for an overall amount of $1857.
This partner hotel was divested accreditation in Booking Company with reference of noncompliance of the service contract.
Please see the attached form. You need to fill it in and contact your bank for the return of funds.
In the attachment you will find expense sheet with the sum of wrong transaction writing-down.
Company just mediates and bears no responsibility for any money transactions made by Hotel.
Sorry for the inconvenience. We trust you can solve this unpleasant problem.

Manager: Genaro Dunwiddie

The name of the hotel, the amount of money and the manager’s name can vary from email to email. Similarly the subject lines vary as you can see in the examples below:

Hotel malicious email subject lines

But all of the emails we have seen so far do claim to have a booking refund attached in a ZIP file, and this is where the malware attack is contained.

Of course, even if you weren’t staying at the hotel on July 26th you might still be concerned that your credit card has been abused by someone who *was* enjoying luxurious room service, unfettered use of the mini-bar and a complimentary newspaper.

Recipients who are intrigued to find that they may be owed some money might open the ZIP file without thinking of the possible consequences, and infect their computer with a Trojan horse.

Once infected, remote hackers can take control of your computer – potentially using it to spam out other attacks or to steal information from you.

Sophos detects the malware as Troj/Zbot-AXZ and the ZIP file itself as Troj/Invo-Zip.

Make sure that your anti-virus defences are up-to-date and always be suspicious of unsolicited emails that try to lure you into opening attachments. It could be a ploy by a hacker to hijack your computer.