Security (lack of) on frequent flyer account
#1
Original Poster
Join Date: Aug 2003
Location: London, UK
Programs: bmi DC, BAEC
Posts: 1,108
I recently signed up to MilleMiglia and was surprised to find that they emailed me a PIN... and was even more surprised to find that they will send you a PIN reminder!
This suggests that they are not storing PINs in a secure way.
Beware that if they get hacked, your PIN will be there for the taking!
#3
Join Date: Aug 2010
Location: Sheffield, UK
Programs: BA - Silver,Hilton-Diamond, IHG - PlatAmb, GHA - Plat
Posts: 766
But they don't include the account number in the email which contains the PIN number; in fact, they don't email the account number at any stage of the process.
Also, when retrieving your PIN you have to provide your account number and surname.
So the hacker has to have access to where you store YOUR account number, your email account and know what to look for...
If it comes to this then you are the security risk, and you have probably got a keylogger / Trojan installed.
#4
Original Poster
Join Date: Aug 2003
Location: London, UK
Programs: bmi DC, BAEC
Posts: 1,108
But they don't include the account number in the email which contains the PIN number; in fact, they don't email the account number at any stage of the process.
Also, when retrieving your PIN you have to provide your account number and surname.
So the hacker has to have access to where you store YOUR account number, your email account and know what to look for...
If it comes to this then you are the security risk, and you have probably got a keylogger / Trojan installed.
My point is that they are clearly holding my PIN in their systems - so a rogue employee or hacker will be able to extract all my details...
Compare that to Google/Facebook etc. who never email you your password - because they are not held in an easily extractable format waiting for a hacker to hoover up my information...
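The storage difference discussed in this thread, as an added example that is not part of the original posts and not any airline's actual code: a record that keeps only a salted one-way hash of the PIN, so a "PIN reminder" is impossible and a forgotten PIN is handled with a one-time reset token instead. All function names, the record layout and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor; assumed value for this sketch


def _derive(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def enroll(pin: str) -> dict:
    """Build the stored record: random salt plus one-way hash, never the PIN."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pin_hash": _derive(pin, salt), "reset_hash": None}


def verify(record: dict, pin: str) -> bool:
    """Re-derive from the submitted PIN and compare in constant time."""
    return hmac.compare_digest(_derive(pin, record["salt"]), record["pin_hash"])


def start_reset(record: dict) -> str:
    """Replace the 'PIN reminder': issue a random one-time token to e-mail.
    Only the token's hash is stored, so the record still holds no secret."""
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).digest()
    return token


def finish_reset(record: dict, token: str, new_pin: str) -> bool:
    """Accept the token once, then set a new PIN chosen by the member."""
    expected = record["reset_hash"]
    supplied = hashlib.sha256(token.encode()).digest()
    if expected is None or not hmac.compare_digest(supplied, expected):
        return False
    fresh = enroll(new_pin)
    record.update(salt=fresh["salt"], pin_hash=fresh["pin_hash"], reset_hash=None)
    return True


if __name__ == "__main__":
    rec = enroll("48213")  # constructed sample PIN
    print(verify(rec, "48213"), verify(rec, "00000"))
    tok = start_reset(rec)
    print(finish_reset(rec, tok, "90517"), finish_reset(rec, tok, "11111"))
```

A short numeric PIN has few possible values, so hashing slows guessing against a stolen database rather than preventing it; attempt limits on the login still matter.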