Consolidated "Hilton Honors Account Hacked" thread
#106
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,914
#107
The CAPTCHA thing only makes sense if it was brute force, no? For working email/password combos captured elsewhere, that would appear (even) less effective.
"In that case, you're stupid enough when it comes to internet safety that those points deserve to be spent."
Stupidity, fortunately, does not make a wrong a right, and it remains a criminal act to assume someone else's property without their consent, and certainly from within a protected (even if weakly so) area.
#108
Join Date: Nov 2014
Posts: 2
Hi, everyone.
I made an account on this forum to make you all aware of a blackhat forum where your cracked Hilton HHonors accounts are bought and sold.
I am a member of said forum, but I think that it is wrong that they are doing this to you all.
The website is http://leakforums.org or http://leak.sx. They're both the same website. Now, you'll have to create an account on the forum and then visit this forum thread http://leakforums.org/thread-367084. You can't see it without first making an account.
The thread looks like this
The name of this seller is Imperfectluck.
Maybe presentation of some of this stuff to Hilton will make them a bit more motivated to fix things.
#109
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
#110
Join Date: Oct 2006
Location: Long Beach, CA
Programs: AA PLTPRO, HH Diamond, IHG Plat, Marriott Plat, Hyatt Globalist
Posts: 3,559
I just checked into a Hampton Inn and logged onto the internet. It just occurred to me that one of the things we are supposed to do is provide our HHonors number and PIN. Given the open and unsecured nature of the free WiFi, I wonder if this isn't another vulnerability for Hilton guests?
#111
Join Date: Apr 2004
Programs: AA EXP 1M, DL 1M, HH Diamond, PC Amb Plat, Hyatt Plat, * Wood Gold, MR Silver
Posts: 73
I also asked if they could disable access to my account via my PIN. Currently this is not supported by the Hilton system.
#112
Join Date: Dec 2011
Location: KWI
Programs: I travel for fun these days.
Posts: 383
I've stayed at several properties where I express my displeasure directly to management when my receipt/folio is left in the hallway (outside the door) the morning of my check-out -- seriously, if your night clerk is too lazy to slide it under the door, why bother...
Everything is on that receipt - personal information and HHonors number. And, with the "iron-clad" PIN only requirement to access the online account, I'm surprised this hasn't happened in the past with more frequency.
Wasn't there a story a while back about a guy that would use the previous occupant's information to lengthen the stay and live in the room for a few days?
#113
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
[QUOTE=DirtyDan;23822951]I've stayed at several properties where I express my displeasure directly to management when my receipt/folio is left in the hallway (outside the door) the morning of my check-out -- seriously, if your night clerk is too lazy to slide it under the door, why bother...
Everything is on that receipt - personal information and HHonors number. And, with the "iron-clad" PIN only requirement to access the online account, I'm surprised this hasn't happened in the past with more frequency.
[/QUOTE]
Some of the properties I stay at have quit providing paper copies overnight altogether (not under the door, not hanging). I inquired at one where I know the front desk manager, and he told me it was a policy change for the exact concerns you list above.
#114
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 228
> Given the open and unsecured nature of the free WiFi, I wonder if this isn't another vulnerability for Hilton guests?
Perhaps. I don't recall if that login page is secured by https ... and if so, which cipher suite is used. Anyone?
#115
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Most of the Hiltons now have you enter your HH# and room# in order to claim the free Wifi. That has made me nervous.
#116
Join Date: Dec 2014
Posts: 2
Different Log ins Causing Problems with Retaining cancellations
In mid October I was trying to cancel some reservations online for a Hampton Inn Hotel in Austin. I was finally successful in canceling them but then weeks later I was charged as a "NO SHOW" for FIVE different rooms.
There are about 3 different ways to log into my account and it depends on which computer I am on and what password combo it has "remembered". The web site was acting strange; the reason I am so positive I cancelled them is because I had to go to two different computers to do it. At first I got the "you are not authorized to make this ...." or "do this" so I went to my desktop and got it done. Now they say they will not refund my money as I was a no show. This was for 5 rooms for an anniversary party that we didn't just "forget" we were canceling. I spent half a day unwinding the weekend due to some conflicts we had with our kids' schedule.
The Hampton Inn Austin lady in charge of No Shows could not have been ruder about it. The Hilton Customer Service people I assume are in India and could also care less and keep telling me "it is up to the Hotel". Why would problems with the Hilton Worldwide Website be up to the hotel?
We are 20 year Honors members and have never, ever had a no show. Also of note is we had some other rooms at a neighboring Hilton that WERE cancelled.
A search of our Emails from Hilton shows they are very haphazard - sometimes we got confirmation and sometimes we didn't but there is also an issue of us deleting emails regularly when we believe they are not needed. An additional reason I was not concerned enough to call at the time was that after I logged out I logged back in to be sure that the site showed my next upcoming stay was not in Austin but a month later in Los Angeles. I fully admit to being capable of forgetting to cancel a reservation for ONE room - but not for 5 when the weekend was an out of town adventure for our anniversary with friends and family. I am certain this is a problem of the web site but cannot get anyone to help me. Any advice is appreciated.
#117
Moderator: Hilton Honors forums
Join Date: Dec 2002
Location: Marietta, Georgia, United States
Posts: 24,996
#118
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
It was a HGI and I got the same runaround until I filed a complaint via the Diamond desk about how this was a website problem and thus a Hilton problem and not a hotel issue.
I was refunded the amounts shortly thereafter.
Last edited by JohnMacWW; Dec 10, 2014 at 1:49 pm
#119
Join Date: Nov 2013
Programs: HH Diamond, IHG Spire, Marriott Gold, AA Plat. Pro
Posts: 400
I don't know if this applied to your situation, bobbora, but Hilton and a few other hotel sites are famous for having issues with cancellations and reservations that are only half completed on one computer and then completed on another. It has something to do with the session they use in their websites and quite frankly...poor programming. It has bitten a few other folks in the past as well.
#120
Join Date: Jun 2009
Location: SIN
Programs: TK-G | Accor P | SQ-G | Marriott T
Posts: 3,828
My Hilton Honors being hacked?
I have not logged into my account for some time. Today I tried to log in and it failed. I tried to reset my password, which also failed.
I emailed the CS and they asked me to confirm my mailing address and phone number before they can reset my password.
I did not think much.
Once I managed to log in, I noticed I only have 134 points. I should have 50,134. Also, the second email is a strange Gmail account, which I overrode with my Gmail account.
I was told that there was shopping in September 2014 for 50,000 points. I do not remember doing any redemption, and this is not listed under ALL Activities.
I also noticed that I have not received any email from HHonors for some time, and my milesBuster complains about a problem logging into my HHonors.
The CS also said "You will begin to receive all future mailings at your new email address within 3 weeks." Seems to me the reason I did not receive any email from HHonors is because the email has been changed.
Seems like my account has been hacked and I missed 50,000 points. Can anything be done to recover these 50,000 points?