DataBreaches.Net


Hyatt Gold Passport notifies a small number of loyalty program members of possible breach (update2)

Posted on April 22, 2015 by Dissent

Hyatt is sending some customers enrolled in their loyalty points program, Gold Passport, notification of a possible breach of their information. As with some other loyalty card breach reports we’ve seen recently, Hyatt’s notification indicates that there is no evidence that their system was breached and that the miscreants may have obtained customers’ login credentials from other sources or by other means.

Hyatt is requiring a password reset for affected accounts.

Here’s a screencap of the notification, courtesy of Suzanne Widup and VERISDB:


“As part of Hyatt Gold Passport’s routine monitoring of member account activity, we found a small number of accounts were accessed by an unauthorized individual utilizing member usernames and passwords. We have no reason to believe, at this time, the login information was obtained through Hyatt Gold Passport, and we continue to analyze and monitor our systems. We have reached out to members we know have been affected to resolve any concerns.

To enhance your account security, we are resetting all passwords connected to a username. The next time you sign in to your Hyatt Gold Passport account, you will need to change your password by following the directions below. We strongly recommend that you reset your username and password to a unique combination not used elsewhere. You will not be able to access your account online until you change your password.

To change your Hyatt Gold Passport password:
1) Visit goldpassport.com
2) Click “Forgot Password” in the sign-in section and follow the directions
3) Look for a temporary password sent to your email and follow the directions

We apologize for any inconvenience. If you have any questions, please call us anytime at 800.228.3360 in the US and Canada or contact Hyatt in your region.”

The notification does not say how or if the information was misused in any way, nor how many members, total, are being notified.

UPDATE: See the comment below from “JJ.” In separate communication, JJ also informs DataBreaches.net:

And when I reset my password, it had this wonderful note:

“To access all of the exclusive features inside goldpassport.com, follow the steps to create your new password. Your new password should be 6 to 35 letters and/or numbers. Special characters such as @#$%^&*:;/ are not permitted.”

Jeez. Why would they prohibit special characters? How much time have they now saved hackers by doing that?

UPDATE 2: Steve Ragan has the numbers on CSO Online:

On Tuesday, Hyatt alerted some 200 customers that their Gold Passport account had been flagged for suspicious activity, while the other 18 million members have had their account passwords reset out of an abundance of caution.


1 thought on “Hyatt Gold Passport notifies a small number of loyalty program members of possible breach (update2)”

  1. JJ says:
    April 22, 2015 at 10:10 pm

    “To enhance your account security, we are resetting all passwords connected to a username.”

    Ummm, aren’t all passwords connected to a username? I’m pretty sure a single username could not have multiple passwords associated with it. With all of the PR and legal review that email had to undergo, that is really strange wording.

    My account was set up five months ago and only accessed between the end of November and early January for a vacation. The username and password were not used on any other site and were only used from my home laptop. I’m glad I did not have a credit card on file with them. I think there will be a Paul Harvey moment in the future.
