updated 08:10 pm EDT, Mon April 9, 2012
Marriott hotel says ISP was to blame for Wi-Fi
Marriott in a statement Monday quickly brought to a close an escalating row over its hotels' Wi-Fi hotspots injecting secret ads. It claimed to the New York Times that banner ads popping up in the web browser, which weren't part of the page, were actually the output of their Internet service provider for two of its New York City hotels. The ads had slipped in "unbeknownst to the hotel," Marriott said, and had been turned off.
The insertion of ads above and beyond the actual content was a "common marketing practice," but wasn't approved by the hotel. Data hadn't been compromised.
Marriott's issue reached the forefront when web developer Justin Watt found that each page was actually being changed on the spot. The official version of the story is supported by references to an RG Nets service called Revenue Extraction Gateway that's designed for making money from public hotspots. While theoretically just for money, it could be used to insert rogue code or manipulate the main content of a page, not just its ads.
It's possible other hotels may face similar questions, but they haven't been subject to the same scrutiny.