Chinese Hackers Behind Marriott Breach, White House Claims

Today’s topics include the White House claiming the Marriott Starwood hack was China-sponsored, and Salesforce letting developers use JavaScript to create Lightning Web Components.

The White House is saying that an attack on Marriott’s Starwood reservations database was done at the hands of the Chinese Ministry of State Security, a claim other experts agree with. The group of Chinese hackers behind the Starwood breach appears to be the same ones behind the Office of Personnel Management breach and the Anthem breach, meaning they have access to a vast amount of information that can be used to seed a massive data analysis project.

Two things about the Starwood breach tend to support the fact that it was nation-state sponsored. First, the fact that they took passport numbers will provide a look into the travel habits of those people, as they might feel it is easier to compromise someone while they’re traveling. Second, this information isn’t showing up for sale on underground markets; if it had been a simple data grab, the hackers would want to monetize their gains.

What this means is there will likely be an increase in phishing attacks that seem to benefit from surprisingly detailed information.

On Dec. 13, announced plans to let developers use JavaScript to create Lightning Web Components in the company’s Lightning application framework that underpins its customer relationship management platform.

Previously, Lightning developers were limited to Salesforce’s own, less widely used Aura programming model to build Lightning Components.

According to Anne DelSanto, executive vice president and general manager for Platform at Salesforce, “One of the core technologies powering the internet is JavaScript, which is used in 95 percent of the websites out there and IDC estimates there are 7 million JavaScript developers. At the same time, there’s a massive shortage of developers in the U.S., with over 250,000 jobs unfilled, and that lack of talent slows innovation. We want to make sure we are empowering companies to leverage existing skills without having to train for specific languages.”