Password Re-use Fuels Starwood Fraud Spike

January 25th, 2015

“The mass compromise of Starwood accounts began in earnest less than a week ago. That roughly coincides with a Starwoods-specific account-checking tool that was released for free on Leakforums[dot]org, an English-language forum dedicated to helping (mostly low-skilled) misfits monetize compromised credentials from various online services, particularly e-retailers, cloud-based services and points or rewards accounts.

The release of the account checking tool caused numerous Leakforums denizens to run the tool against various username and password lists stolen in previous data breaches. In less than 24 hours after its release, there were more than a half dozen Leakforums members selling compromised accounts. One seller advertised a Starwood account with

70,000 points for sale at just $3, while accounts with about 40,000 points sold for $1.50.”


Subscribe to IUCC Newsletter

IUCC-POSTsConnect with IUCC

fb32 in32 tw32

Search this site