BAEC account password reset (hack)
Jun 27, 2015, 1:33 am
#1
Original Poster
Join Date: Jul 2012
Location: London
Programs: BAEC GCH, CXMP Gold, Amex Plat, HH Gold, Accor Plat, SPG Gold, Carlson Gold
Posts: 1,106
BAEC account password reset (hack)
I woke up this morning to 3 emails in my inbox saying I'd requested a password reset. Obviously I didn't click on any of the links.
Has anyone else had this overnight or was it just me who was attacked?
Has anyone else had this overnight or was it just me who was attacked?
Jun 27, 2015, 2:06 am
#3
Original Poster
Join Date: Jul 2012
Location: London
Programs: BAEC GCH, CXMP Gold, Amex Plat, HH Gold, Accor Plat, SPG Gold, Carlson Gold
Posts: 1,106
BAEC account password reset (hack)
True. I'm probably being paranoid as I've had my laptop, iPad and phone stolen recently. Obviously changed my passwords as soon as that happened!
Jun 27, 2015, 2:12 am
#4
Join Date: Dec 2014
Programs: BAEC (although I might just cut up the card)
Posts: 338
The only thing that would worry me, based on what you said is that certain webmail providers will still allow an existing "session" to connect even when you change password. So, if they still have access to your email then it could be a genuine attack.
Assuming you are using one of these webmail services, you should see if there's a way to kill old sessions. Clear all the old sessions, change password again and change BAEC password again.
Just to be safe. It's probably just an accident as chistery suggests. But, better safe than without avios :P
Assuming you are using one of these webmail services, you should see if there's a way to kill old sessions. Clear all the old sessions, change password again and change BAEC password again.
Just to be safe. It's probably just an accident as chistery suggests. But, better safe than without avios :P
Jun 27, 2015, 2:35 am
#5
Original Poster
Join Date: Jul 2012
Location: London
Programs: BAEC GCH, CXMP Gold, Amex Plat, HH Gold, Accor Plat, SPG Gold, Carlson Gold
Posts: 1,106
BAEC account password reset (hack)
Thanks. Good advice. Will do. Only the iPad had access to personal email on it and did have a password, but doubt that's too difficult to break?
I'll get changing!
I'll get changing!
Jun 27, 2015, 6:36 am
#7
Original Poster
Join Date: Jul 2012
Location: London
Programs: BAEC GCH, CXMP Gold, Amex Plat, HH Gold, Accor Plat, SPG Gold, Carlson Gold
Posts: 1,106
BAEC account password reset (hack)
Alas it didn't have a 3G/4G sim so although I've activated the remote wipe on find my iPhone I doubt it's gone through.
Jul 27, 2015, 10:02 pm
#8
Join Date: Jan 2006
Posts: 6
189 and counting
I have been getting 3 emails per minute from british airways customer service- the title of the email is ""reset your password".
I have not gone in to by BA account for quite some time. I am afraid to go in as it appears some sort of glitch or virus. Anyone else? I tried to call; but, can not get anyone who knows/can help.
I am now up to 196 emails since 10:56 pm on 7/27/2015
Anyone else?
I have not gone in to by BA account for quite some time. I am afraid to go in as it appears some sort of glitch or virus. Anyone else? I tried to call; but, can not get anyone who knows/can help.
I am now up to 196 emails since 10:56 pm on 7/27/2015
Anyone else?
Jul 27, 2015, 10:13 pm
#9
Join Date: Nov 2013
Location: Nice, France
Programs: AAdvantage Platinum, IHG Gold
Posts: 29
I'm having the same issue... Over 200 emails since the past hour, and it won't stop. I obviously didn't ask to reset the password, so I have no clue what is going on. I have tried to ask BA on twitter, and no reply!
Edit : About 450 emails since the last one and half hour
Edit : About 450 emails since the last one and half hour
Last edited by Titom; Jul 27, 2015 at 10:20 pm
Jul 28, 2015, 2:06 am
#10
Join Date: Jul 2013
Location: West Sussex
Programs: BA Gold
Posts: 897
The only thing that would worry me, based on what you said is that certain webmail providers will still allow an existing "session" to connect even when you change password. So, if they still have access to your email then it could be a genuine attack.
Assuming you are using one of these webmail services, you should see if there's a way to kill old sessions. Clear all the old sessions, change password again and change BAEC password again.
Just to be safe. It's probably just an accident as chistery suggests. But, better safe than without avios :P
Assuming you are using one of these webmail services, you should see if there's a way to kill old sessions. Clear all the old sessions, change password again and change BAEC password again.
Just to be safe. It's probably just an accident as chistery suggests. But, better safe than without avios :P
Firstly you have to specifically set webmail clients to have an indefinite session, by default they expire.
Secondly, even for sessions set to not expire, all the major webmail clients force reauthorisation on next mouse click if a password change has been detected.
