Matthew Green @matthew_d_green
Looking at this Marriott breach I’m starting to think maybe they didn’t encrypt their credit card data very well.
The question is whether plaintext card numbers were stolen at the point of sale terminals (do hotels have real PoS terminals?), some other system that saw plaintext, some point of decryption, or if the attackers just got the private keys.
Sometimes I feel like encryption is counterproductive, just because bad encryption is often worse than no encryption — in the sense that it makes regulators go away without doing anything to protect customer data.
🤷‍♀️
Notice the phrasing here: both components (meaning the decryption keys) may have been “taken”. Not “accessed”. Sounds like they didn’t store the keys inside of an HSM, they just put them on a server somewhere.
“We locked our doors with two separate keys and put them under two completely different potted plants.”