
Security (lack of) on frequent flyer account

Old Jul 8, 2015, 5:29 am
  #1  
Original Poster
 
Join Date: Aug 2003
Location: London, UK
Programs: bmi DC, BAEC
Posts: 1,108
Security (lack of) on frequent flyer account

I recently signed up to MilleMiglia and was surprised to find that they emailed me a PIN ... and was even more surprised to find that they will send you a PIN reminder!

This suggests that they are not storing PINs in a secure way.

Beware that if they get hacked, your PIN will be there for the taking!
fartoomanyusers is offline  
Old Jul 9, 2015, 9:01 am
  #2  
 
Join Date: Jan 2004
Location: AMS,BRE,ABE
Programs: AY-G, TK*S, AB-S, EY, LH, DL, UA, BA, AA, all hotel programmes
Posts: 1,345
Well, you need to have access to the e-mail account that you used to sign up to that flyer account. Not very safe, true...
mith is offline  
Old Jul 10, 2015, 3:09 pm
  #3  
 
Join Date: Aug 2010
Location: Sheffield, UK
Programs: BA - Silver,Hilton-Diamond, IHG - PlatAmb, GHA - Plat
Posts: 766
But they don't include the account number in the email which contains the PIN number; in fact, they don't email the account number at any stage of the process.

Also, when retrieving your PIN you have to provide your account number and surname.

So the hacker has to have access to where you store YOUR account number, your email account and know what to look for...

If it comes to this then you are the security risk, and you have probably got a keylogger / Trojan installed.
atmorris is offline  
Old Jul 22, 2015, 4:17 am
  #4  
Original Poster
 
Join Date: Aug 2003
Location: London, UK
Programs: bmi DC, BAEC
Posts: 1,108
Originally Posted by atmorris
But they don't include the account number in the email which contains the PIN number; in fact, they don't email the account number at any stage of the process.

Also, when retrieving your PIN you have to provide your account number and surname.

So the hacker has to have access to where you store YOUR account number, your email account and know what to look for...

If it comes to this then you are the security risk, and you have probably got a keylogger / Trojan installed.

My point is that they are clearly holding my PIN in their systems - so a rogue employee or hacker will be able to extract all my details ...

Compare that to google/facebook etc. who never email you your password - because they are not held in easily extractable format waiting for a hacker to hoover up my information ...
fartoomanyusers is offline  
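
The storage difference discussed in this thread, as an added example (not part of any post and not MilleMiglia's code): a recoverable PIN record that can answer a reminder request, next to a salted scrypt record that can only verify or reset. All function names, the record layout and the sample PINs are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SCRYPT = dict(n=2**14, r=8, p=1)  # assumed work factors for this sketch

def store_recoverable(pin: str) -> dict:
    # A "PIN reminder" feature implies the PIN (or a reversible copy) is kept.
    return {"pin": pin}

def send_reminder(record: dict) -> str:
    # Anyone who can read the record (insider, database dump) gets the PIN too.
    return record["pin"]

def store_hashed(pin: str) -> dict:
    # Only a per-account salt and a slow one-way digest are stored.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "digest": hashlib.scrypt(pin.encode(), salt=salt, **SCRYPT)}

def verify(record: dict, attempt: str) -> bool:
    # Recompute the digest from the attempt and compare in constant time.
    candidate = hashlib.scrypt(attempt.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])

def start_reset(record: dict) -> str:
    # There is nothing to "remind": the service emails a random one-time token
    # and keeps only its hash, so the mail never contains a credential.
    token = secrets.token_urlsafe(32)
    record["reset_token_hash"] = hashlib.sha256(token.encode()).digest()
    return token

def finish_reset(record: dict, token: str, new_pin: str) -> bool:
    # The stored token hash is consumed on every attempt, right or wrong.
    expected = record.pop("reset_token_hash", None)
    presented = hashlib.sha256(token.encode()).digest()
    if expected is None or not hmac.compare_digest(expected, presented):
        return False
    record.update(store_hashed(new_pin))  # fresh salt and digest
    return True

if __name__ == "__main__":
    weak = store_recoverable("5823")        # constructed sample PIN
    print("reminder email body:", send_reminder(weak))
    strong = store_hashed("5823")
    print("stored fields:", sorted(strong))  # no 'pin' field to leak
    token = start_reset(strong)
    print("reset ok:", finish_reset(strong, token, "9041"))
    print("old PIN still valid:", verify(strong, "5823"))
```

A short numeric PIN has few possible values, so the slow hash raises the cost of offline guessing after a breach rather than removing it; login attempt limits are still needed.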

