Marriott Forcing Password Changes – Accounts & Passwords Hacked?

4 Comments

Last week, I wrote about the email that I had received from Marriott Regarding my Marriott Rewards account with a suggestion that I should change my password (you can read the article here). Today, when I was trying to log into my account, I was presented with the screen below.

marriott-message-jpg

Marriott was forcing me to change the password that I had on file with them. The text below makes no sense at all. To ensure more “secure” passwords, Marriott doesn’t allow any special characters such as *, &, %, _, – etc.

marriott-insecure-jpg

Actually, using these characters would make the passwords safer rather than unsafe. Not sure what Marriott is thinking here.

marriott-message-body-jpg

When you change your password, you need to confirm you last name and the postal code associated with your account.

I tweeted Marriott and asked if their Marriott Rewards database has been breached. The requirement of changing password with this urgency normally indicates a database breach, where someone has had access to the account info and maybe even salted/hashed password. You can read more about securing online accounts and passwords here.

Conclusion

Not sure what is going on with the account “security” with many of the US companies. I don’t think that Marriott has come clean with their current account security problems.

If you enjoyed this article, get our blog updates for free!

SHARE
Previous articleSPG Promotion: Get 500 Bonus Points Per Stay Using Chinese SPG Android App
Next articleHilton Readying For An Early 2014 IPO?

YOU MIGHT ALSO LIKE