Starwood breach affecting 500M users reportedly part of a larger Chinese state-sponsored attack

Credit: Shutterstock

Remember that massive breach of the Mariott-owned Starwood hotel chain from last month, which saw 500 million users’ data stolen? The New York Times reports that the intrusion was part of a larger state-sponsored intelligence-gathering effort spurred on by China‘s spy agency, the Ministry of State Security.

China was suspected to be behind the attack on Mariott’s network – which took place in September – from the time the breach was discovered. That’s from various security firms’ assessments of the code and patterns used in the attack, which they deemed similar to previous operations by Chinese hackers.

As you’d expect, China denies it had anything to do with it. Geng Shuang, a spokesman for China’s Ministry of Foreign Affairs said:

China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,” he said. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law.

According to the NYT’s sources, the aim of this widespread attack is to gather intelligence on American spies, as well as to pick up data that could be used for counterintelligence operations, and to target individuals.

Whoever’s behind the Mariott breach got hold of some 327 million guests’ passport information; that’s notable, when you consider that the company – which is now the world’s largest hotel chain – is the top hotel service for American government and military personnel.

With all the data the hackers have gathered, they could track “which Chinese citizens visited the same city, or hotel, as an American intelligence agent who was identified in data taken from the Office of Personnel Management or from American health insurers that document patients’ medical histories and Social Security numbers.”

The report follows a major breach of the US Office of Personnel Management from 2014, in which 19.7 million background investigation forms were accessed. That attack was also linked to Chinese hackers.

All this at a time when tensions over trade regulations between the US and China are high – and when another major incident is exacerbating the strain on this relationship: Chinese telecom giant Huawei’s CFO Meng Wanzhou had recently been arrested (and now granted bail) over its violations of US trade sanctions against Iran.

It won’t be easy to smooth things over between the two superpowers given the current state of affairs and the ongoing cyberwar efforts from China – but apparently, the White House is trying its best. Good luck, President Trump.

Read next: HP's $1,500-ish Omen 15 is the sort of laptop gamers dream about