The details of millions of payment cards may have been exposed in a hack on hotel giant Marriott affecting 500 million guests.

The firm says that it recently discovered that the guest reservations database of its Starwood unit has been compromised since 2014.

The database contains information on around 500 million guests. For approximately 327 million of these, the compromised information includes some combination of name, mailing address, phone number, email address, passport number, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

For an unspecified number of other guests, the information also includes payment card numbers and expiration dates.

Marriott says that the numbers were encrypted using Advanced Encryption Standard encryption (AES-128) and that there are two components needed to decrypt them.

However, warns the company, "at this point, Marriott has not been able to rule out the possibility that both were taken".