Dec 29, 2014, 12:05 am
Last edit by: WineCountryUA
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
UA Account Hacked / Reports of Fraudulent Award Travel Redemption
Jan 6, 2014, 1:26 pm
#16
Join Date: Apr 2006
Location: LIS/ATL/other
Programs: UA 1K, Avis PC, Hertz PC, Sixt Plat, Marriott Gold, HH Silver
Posts: 1,983
Can you really forget it and never use it again? I am always asked for my PIN when I try to book or make changes to award tickets by phone.
Jan 6, 2014, 1:31 pm
#18
Join Date: Dec 2013
Location: San Francisco Bay Area
Programs: United - GS
Posts: 6
Jan 6, 2014, 4:17 pm
#19
Original Poster
Join Date: Nov 2011
Location: YUL
Programs: UA 1K, MR Bonvoy Bonzaiiiii, National EE
Posts: 622
From my chat with the Fraud rep on the phone, you cannot remove the Pin login access. She said they are rolling out some updates soon to address this issue and allow the user to specify only a password.
My quip to her about patches upon patches on a 20+ year old shares platform didn't get much of a laugh, just a sigh of exasperation.
She indicated a lot of other customers have complained about this lack of security as well.
My quip to her about patches upon patches on a 20+ year old shares platform didn't get much of a laugh, just a sigh of exasperation.
She indicated a lot of other customers have complained about this lack of security as well.
Jan 6, 2014, 4:24 pm
#20
Join Date: May 2000
Location: Houston, TX, USA
Programs: UA 1K, AA Lifetime Platinum, DL Platinum, Honors Diamond, Bonvoy Titanium, Hertz Platinum
Posts: 7,970
Jan 6, 2014, 4:34 pm
#21
Join Date: Oct 2004
Location: Anywhere but home
Programs: UA 1K/MM, DL GM/MM, HH Dia, PC Plat, MR Gold, ALL Sil,
Posts: 4,552
Jan 6, 2014, 5:57 pm
#22
Join Date: Jan 2001
Location: Singapore
Programs: UA MP Plat MM, *G;Global Entry; Hertz, Budget; Accor Gold, Marriott Gold
Posts: 208
So this crook booked some travel with someone else on your account/$$$/miles/upgrades?
Did they not have to fill in the names etc of those travelling? That should give law enforcement a good handle on who this might have been (unless it was done as random malice w/o the travellers 'nominated' wanting the trip/knowing about it)..
Did they not have to fill in the names etc of those travelling? That should give law enforcement a good handle on who this might have been (unless it was done as random malice w/o the travellers 'nominated' wanting the trip/knowing about it)..
Jan 6, 2014, 6:16 pm
#23
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
You are not wong. Every account has a 4-digit PIN and there's currently no possible way to remove it. Continental and post-merger United have never been concerned with security in the least. pmUA was much better about this.
Jan 6, 2014, 6:49 pm
#25
Join Date: May 2001
Location: Under one roof in Chicago
Programs: UA 2MM, DL MM
Posts: 3,141
Jan 6, 2014, 7:10 pm
#26
Join Date: Mar 2011
Location: Colorado
Programs: Lifetime UA 1K, Lifetime Hilton Diamond, Lifetime Marriott Bonvoy Titanium
Posts: 1,261
The 4 digit PIN does not have to be used for login to your MP account - use a regular password and the PIN is then used by the UA agent to verify identity when redeeming miles over the phone. This still leaves you open to anyone hacking an account PW and redeeming miles on the web but increases the complexity of breaking into the account to begin with.
At least my browser lets me save the logon information so I never need to type it. Observing the PIN as someone types it in (especially in an airport or airplane seat) is pretty easy to do.
Jan 6, 2014, 7:10 pm
#27
Join Date: Sep 2008
Location: PAE
Posts: 302
The 4 digit PIN does not have to be used for login to your MP account - use a regular password and the PIN is then used by the UA agent to verify identity when redeeming miles over the phone. This still leaves you open to anyone hacking an account PW and redeeming miles on the web but increases the complexity of breaking into the account to begin with.
Jan 6, 2014, 7:18 pm
#28
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.995MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,855
you are not
, as many past posters have stated, there is no way to disable the insecure PIN 
Jan 6, 2014, 7:26 pm
#29
Join Date: Aug 2013
Location: Bay Area
Programs: UA *A (Gold), Avis (Gold), Marriott (Gold)
Posts: 29
Good point.... But
This is a very good point - However the person will know where they got their ticket from so following the money should only take one more step.
Jan 6, 2014, 7:34 pm
#30
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
By the same token, if you add a user name, that doesn't prevent logging in using your MP number either.