Dec 29, 2014, 12:05 am
Last edit by: WineCountryUA
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
UA Account Hacked / Reports of Fraudulent Award Travel Redemption
Aug 13, 2014, 1:57 pm
#197
Join Date: Sep 2007
Location: Colorado
Programs: UA Gold 1MM, Marriott Gold
Posts: 1,158
My MP account was hacked last night and somebody redeemed 3 one-way business class Star Awards on TK from IST-GYD (Azerbaijan) for a total of 135K miles.
Tickets were booked late last night for flights today so by the time I noticed this afternoon, the plane had already landed.
Whoever it was is pretty smart as they changed the email address in my profile so I never received any notifications and they added a new (probably stolen) credit card number to my stored payments area to pay for the booking fees.
I called MP Customer Service and they sent it up to Corporate Security for investigation. I have no doubt that I'll get my miles back but it burns me up that the crooks got away with it.
I check my MP account just about daily and have never had any problems until now. Everyone, check your accounts and change your PINs!
Tickets were booked late last night for flights today so by the time I noticed this afternoon, the plane had already landed.
Whoever it was is pretty smart as they changed the email address in my profile so I never received any notifications and they added a new (probably stolen) credit card number to my stored payments area to pay for the booking fees.
I called MP Customer Service and they sent it up to Corporate Security for investigation. I have no doubt that I'll get my miles back but it burns me up that the crooks got away with it.
I check my MP account just about daily and have never had any problems until now. Everyone, check your accounts and change your PINs!
Corporate Security restored the miles to my account within 24 hours and called me back to let me know. No other action was required on my part. ^
The agent informed me that they often look for these types of events originating out of eastern Europe and called it a "grab and go" situation - hack in and redeem for flights leaving right away. Sounds like it is happening with increased frequency.
He also mentioned that they will be implementing new security features in the next couple of months for better protection. Here's hoping.
Good job UA ^
Aug 13, 2014, 2:16 pm
#198
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
- The lack of an email to the old email address upon this type of change is crazy
- Quick...use that credit card to book tickets to Vegas
Aug 13, 2014, 6:13 pm
#199
FlyerTalk Evangelist
Join Date: Jul 1999
Location: Ewa Beach, Hawaii
Posts: 10,909
I tried to look through the thread but did not see it. I see something very disturbing in UA's website. I use a password manager, now when I log into UA's website, the password manager tells me the site is not a secure login though it was when I saved the password into the password manager. I tried all the portals I could think of to log into UA's website and not one of them is the secure https:// type page. When did UA get rid of secure login pages? So, no secure login page, only a 4 number pin. No wonder peoples accounts are being hacked so easily.
Dec 5, 2014, 1:53 pm
#201
Join Date: Sep 2013
Posts: 7
By chance I happened to log into my United account today and I discovered that someone changed my email address on my account and on Thanksgiving day that person placed 5 separate gift card orders totaling 82,500 miles.
I called and got no where with United or mileage plus customer service. I was eventually told to email [email protected], which I did.
I subsequently changes my email address back and changed my password and changed my pin.
I searched for gift cards in this thread and did not find out whether or not anyone else that had this happen to them ultimately received a refund. I'm afraid that I have lost these miles. It stinks that no one at United will even talk to you about it. It would be nice if someone could try to cancel the gift cards. Hackers and thieves suck.
I called and got no where with United or mileage plus customer service. I was eventually told to email [email protected], which I did.
I subsequently changes my email address back and changed my password and changed my pin.
I searched for gift cards in this thread and did not find out whether or not anyone else that had this happen to them ultimately received a refund. I'm afraid that I have lost these miles. It stinks that no one at United will even talk to you about it. It would be nice if someone could try to cancel the gift cards. Hackers and thieves suck.
Dec 5, 2014, 6:44 pm
#202
Join Date: Apr 2011
Location: New York, NY
Posts: 390
By chance I happened to log into my United account today and I discovered that someone changed my email address on my account and on Thanksgiving day that person placed 5 separate gift card orders totaling 82,500 miles.
I called and got no where with United or mileage plus customer service. I was eventually told to email [email protected], which I did.
I subsequently changes my email address back and changed my password and changed my pin.
I searched for gift cards in this thread and did not find out whether or not anyone else that had this happen to them ultimately received a refund. I'm afraid that I have lost these miles. It stinks that no one at United will even talk to you about it. It would be nice if someone could try to cancel the gift cards. Hackers and thieves suck.
I called and got no where with United or mileage plus customer service. I was eventually told to email [email protected], which I did.
I subsequently changes my email address back and changed my password and changed my pin.
I searched for gift cards in this thread and did not find out whether or not anyone else that had this happen to them ultimately received a refund. I'm afraid that I have lost these miles. It stinks that no one at United will even talk to you about it. It would be nice if someone could try to cancel the gift cards. Hackers and thieves suck.
I still have the name and phone number for the person in corporate security that I dealt with. I'll direct message you, or you can email me directly at [email protected]. I so hope I can help you.
Dec 26, 2014, 10:02 am
#204
Join Date: Feb 2008
Location: CAN, LAX, TPE
Programs: AA, AS, CI, DL, UA
Posts: 2,898
Today I received a promo e-mail from United Mileage Plus partner and saw my miles stated on the e-mail to be short of ~50k miles. Went to check online and there was a hotel redemption for 51,400 miles on Dec. 8 that I do not know of. I checked my e-mail account and had never received an e-mail notice in regards to this redemption.
I called the call center and was directed to e-mail [email protected]. Now I received an e-mail from securitytips that they will contact me in 7-10 days.
Prior to the e-mail, I checked my account and everything was normal except that I am signed up to receive e-mails in Spanish. I changed that back to English and edited my password.
Now to cross my fingers that I will get my miles back...
I called the call center and was directed to e-mail [email protected]. Now I received an e-mail from securitytips that they will contact me in 7-10 days.
Prior to the e-mail, I checked my account and everything was normal except that I am signed up to receive e-mails in Spanish. I changed that back to English and edited my password.
Now to cross my fingers that I will get my miles back...
Dec 26, 2014, 10:07 am
#205
Join Date: Mar 2011
Location: Colorado
Programs: Lifetime UA 1K, Lifetime Hilton Diamond, Lifetime Marriott Bonvoy Titanium
Posts: 1,261
I'm amazed there haven't been major hacks to United yet. Their security is 1990s.
Last edited by WineCountryUA; Dec 26, 2014 at 10:13 am Reason: unneeded trolling comment deleted
Dec 26, 2014, 7:58 pm
#206
Join Date: Feb 2008
Location: CAN, LAX, TPE
Programs: AA, AS, CI, DL, UA
Posts: 2,898
Today I received a promo e-mail from United Mileage Plus partner and saw my miles stated on the e-mail to be short of ~50k miles. Went to check online and there was a hotel redemption for 51,400 miles on Dec. 8 that I do not know of. I checked my e-mail account and had never received an e-mail notice in regards to this redemption.
I called the call center and was directed to e-mail [email protected]. Now I received an e-mail from securitytips that they will contact me in 7-10 days.
Prior to the e-mail, I checked my account and everything was normal except that I am signed up to receive e-mails in Spanish. I changed that back to English and edited my password.
Now to cross my fingers that I will get my miles back...
I called the call center and was directed to e-mail [email protected]. Now I received an e-mail from securitytips that they will contact me in 7-10 days.
Prior to the e-mail, I checked my account and everything was normal except that I am signed up to receive e-mails in Spanish. I changed that back to English and edited my password.
Now to cross my fingers that I will get my miles back...
Someone responded to my request within 2 hours and my miles was refunded (very fast consider it's holiday season). I was required to change PIN (basically had to set up one) and update security question after verifying my account profile.
Dec 28, 2014, 11:46 pm
#207
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.995MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,854
Moderator Note
In http://www.flyertalk.com/forum/unite...ec-2014-a.html there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread. {Posts on the username log-in change have been moved from here to there.}
A separate(?) "access denied" issue is covered in http://www.flyertalk.com/forum/unite...wn-thread.html
Let's use this thread to follow reports of accounts that actually are hacked / improperly accessed.
WineCountryUA
UA coModerator
In http://www.flyertalk.com/forum/unite...ec-2014-a.html there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread. {Posts on the username log-in change have been moved from here to there.}
A separate(?) "access denied" issue is covered in http://www.flyertalk.com/forum/unite...wn-thread.html
Let's use this thread to follow reports of accounts that actually are hacked / improperly accessed.
WineCountryUA
UA coModerator
Last edited by WineCountryUA; Dec 29, 2014 at 10:42 am
Jan 13, 2015, 8:16 pm
#208
Join Date: Jan 2004
Location: New York NY
Programs: UA Gold, CO Plat, CO Million Miler
Posts: 2,617
Interesting call from Fraud Protection today
This afternoon I received a call from a very nice gentleman at UA Fraud protection. He asked if I had recently used miles for a hotel in a European city. I asked him where....her told me.....he asked me to check my account to see if there were any unauthorized mileage withdrawals, and yes 34,000 miles had been withdrawn today. He then led me through the steps of changing my user name, password, etc., and immediately credited back the miles. I was extremely impressed that they caught something like this, how quickly they caught it, and how efficiently and quickly they corrected my account.
Jan 13, 2015, 8:55 pm
#210
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866