Marriott says 5.2 million guest records were stolen in another data breach. 31st Mar 2020

Preface: Perhaps this is not the key factor that caused the data breach in Jan 2020, but it is a telling sign.

Observation: It is believed that a new round of data breaches at Marriott this week has attracted attention. The hotel industry perhaps runs around the clock, so performing maintenance or a system upgrade is not easy. We looked only at the homepage of Marriott's "Member Credit Card Rewards" and found a vulnerable jQuery still in operation. From an attacker's point of view, a hint like this indicates that the web site may have more room for exploitation. As we know, jQuery version 1.11.3 has an XSS vulnerability that was found in March 2017. Why is it still in use on an enterprise web site? The root cause is hard to tell. Maybe it is an extended legacy web application. I think you will be concerned with the details of the official announcement. See the URL below:

https://mysupport.marriott.com/
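
The observation above (an old jQuery still referenced by a production page) is something a site owner can check for in their own HTML. The following is an added example, not code from the original post: the function names, the sample page and the minimum-version threshold are assumptions chosen for illustration.

```javascript
// Added example: flag versioned jQuery <script> references below a policy minimum.
// MIN_VERSION is an assumed policy value, not a figure from the article.
const MIN_VERSION = "3.0.0";

// Matches jquery-1.11.3.min.js, jquery.1.11.3.js and .../jquery/1.11.3/jquery.min.js.
// Plugins such as jquery-ui-1.12.1.js do not match: a digit must follow the separator.
const JQUERY_SRC = /jquery(?:[-.]|\/)(\d+)\.(\d+)\.(\d+)/i;

// Numeric comparison of [major, minor, patch]; returns -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns [{ src, version }] for every jQuery reference older than minVersion.
function findOutdatedJquery(html, minVersion = MIN_VERSION) {
  const min = minVersion.split(".").map(Number);
  const scriptTag = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  const findings = [];
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const src = m[1];
    const v = JQUERY_SRC.exec(src);
    if (!v) continue; // not a versioned jQuery reference
    const found = [Number(v[1]), Number(v[2]), Number(v[3])];
    if (compareVersions(found, min) < 0) {
      findings.push({ src, version: found.join(".") });
    }
  }
  return findings;
}

// Constructed sample page (not Marriott's markup).
const SAMPLE_HTML = `
<html><head>
<script src="/static/js/jquery-1.11.3.min.js"></script>
<script src="https://cdn.example/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="/static/js/app.js"></script>
</head></html>`;

console.log(findOutdatedJquery(SAMPLE_HTML));
```

This only sees versions exposed in the script URL; bundled or renamed copies need a dependency inventory or a check of the loaded library's reported version.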
