There has been some chatter about possible Marriott Rewards account breaches in the past couple of weeks. Marriott first sent an email that I should change my password (read more here) and then a week later was forcing me to change the password on file (read more here).
— LoyaltyLobby (@LoyaltyLobby) August 9, 2013
I decided to ask from Marriott using Twitter if their Marriott Rewards customer database with passwords had been breached and surely their reply wasn’t very forthcoming.
The reply from Marriott corporate was clearer, however:
No, the Marriott Rewards database has not been breached and no passwords have been leaked. There have been recent attempts made to gain unauthorized access to a small number of Marriott Rewards members’ online accounts. Once we learned of the situation, we immediately launched an investigation to determine the cause and extent of the unauthorized access. Our Data Privacy and Protection team has implemented safeguards to block these attempts and maintain the ongoing security of all member accounts. We are communicating with our Marriott Rewards members and providing them with resources and guidance as to how they can further protect their accounts. We take this matter very seriously as we have a long-standing commitment to protect the privacy of the personal information that our Marriott Rewards members entrust to us.
The word from Marriott is that there hasn’t been a breach and no passwords have been leaked. Not sure why Marriott is then forcing me to change the password that I have on file with them?
It is always good idea to have rather strong password on file with companies, but how anyone could even remotely remember and come up with unique passwords for each and every service that requires them?