Dec 29, 2014, 12:05 am
Last edit by: WineCountryUA
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
UA Account Hacked / Reports of Fraudulent Award Travel Redemption
Jul 18, 2014, 5:11 am
#151
Join Date: May 2005
Location: Chicago
Programs: United GS 3 MM LT, Marriott Ambassador LT Titanium, HH LT Diamond
Posts: 461
My Mileageplus account was hacked, has anyone heard of this happening?
A couple of days ago my two mileage gift cards for 16,500 miles each were deducted from my account. I actually never heard of such a gift card before but knew this was not generated by me. The woman at mileageplus was nice explained that someone signed onto my account with my pin and had these issued. She said security would be alerted and the miles would be placed. I also had to change my pin. I asked if United security would contact me to tell me about who did this. She said probably not because this was a minor incident. I was a little annoyed that nobody is really going to track this down, but in realized it is not cost effective to make this into a major investigation. I would think United could void the ticket related to this, by the mileageplus rep did not know.
The only public computer I have used when entering my account number and pin was in a hotel to print out a boarding pass.
Has anyone heard of this happening?
The only public computer I have used when entering my account number and pin was in a hotel to print out a boarding pass.
Has anyone heard of this happening?
Last edited by FlyinHawaiian; Jul 18, 2014 at 5:18 am Reason: moved into existing thread
Jul 18, 2014, 5:43 am
#153
Join Date: Feb 2014
Location: ORD/MKE
Programs: UA General Member, AA Gold, SPG (Bonvoy) Gold; IHG Plat. Ambassador
Posts: 399
A couple of days ago my two mileage gift cards for 16,500 miles each were deducted from my account. I actually never heard of such a gift card before but knew this was not generated by me. The woman at mileageplus was nice explained that someone signed onto my account with my pin and had these issued. She said security would be alerted and the miles would be placed. I also had to change my pin. I asked if United security would contact me to tell me about who did this. She said probably not because this was a minor incident. I was a little annoyed that nobody is really going to track this down, but in realized it is not cost effective to make this into a major investigation. I would think United could void the ticket related to this, by the mileageplus rep did not know.
The only public computer I have used when entering my account number and pin was in a hotel to print out a boarding pass.
Has anyone heard of this happening?
The only public computer I have used when entering my account number and pin was in a hotel to print out a boarding pass.
Has anyone heard of this happening?
Jul 18, 2014, 7:19 am
#154
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Jul 18, 2014, 7:28 am
#155
Join Date: Jan 2007
Location: IAD/DCA/BWI
Programs: UA 1K- RCC
Posts: 457
Glad it got resolved quickly.
I heard on the radio this week about some government report warning hotels how those lobby computers are extremely likely to have viruses and are utilized to steal personal information...scary stuff.
I heard on the radio this week about some government report warning hotels how those lobby computers are extremely likely to have viruses and are utilized to steal personal information...scary stuff.
Jul 18, 2014, 10:13 am
#156
Join Date: Apr 2012
Location: SFO; SJC
Programs: UA Silver; WN; Marriott; SPG; Hilton; IHG; National; TSA Pre; Clear
Posts: 199
Correct. I never log into my MP account when printing a boarding pass from a hotel business computer. Just last name and record locator are all that is needed.
Jul 18, 2014, 4:05 pm
#157
Join Date: May 2005
Location: Chicago
Programs: United GS 3 MM LT, Marriott Ambassador LT Titanium, HH LT Diamond
Posts: 461
I have an update
I spoke to a very nice woman at United security. They were able to deactivate the gift cards before the person could use the miles. The person changed my e-mail address to be one letter different (on yahoo) and have have the gift cards e-mailed to that address. Yesterday when I changed the pin it was sent to the bad guy's e-mail address. I had no idea. United security froze my account. The woman walked me through changing things in my profile to help protect me.
She said that there has been a rash of this happening due to people using wifi in hotels. I do that all the time. She said hotel wifi is not secure and even the wifi in the United Club is not secure. She suggested to never log onto United.com or a bank's website via hotel or United Club wifi. If you need to do this shut off wifi and use cellular data which is secure. I am shocked because I use wifi in a hotel room more than 50 days a year. I pay my credit card, transfer money, etc. I really never knew this. She said this has been happening a lot lately.
I give United Security an A.
She said that there has been a rash of this happening due to people using wifi in hotels. I do that all the time. She said hotel wifi is not secure and even the wifi in the United Club is not secure. She suggested to never log onto United.com or a bank's website via hotel or United Club wifi. If you need to do this shut off wifi and use cellular data which is secure. I am shocked because I use wifi in a hotel room more than 50 days a year. I pay my credit card, transfer money, etc. I really never knew this. She said this has been happening a lot lately.
I give United Security an A.
Jul 18, 2014, 4:12 pm
#158
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
I don't do financial transactions on hotel WiFi, but certainly do use airline sites. Hmmmm. I think I'll start connecting via my phone's hotspot for any sensitive logins.
Jul 18, 2014, 4:16 pm
#159
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.99MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,771
except a 4 number pin is F-.
Jul 18, 2014, 4:31 pm
#160
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,740
Why would people still use PIN when there is an option to use Userid and password? I cannot remember the FFP numbers so I always use Userid and password instead. I think BA has done away with FFP number and PIN and requires userid and password log in since long time ago. DL might also be in the same situation.
Jul 18, 2014, 6:42 pm
#161
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.99MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,771
regardless of what you use the PIN option is still there in your MP account and a bruteforce attack is always a risk.
Jul 18, 2014, 6:54 pm
#162
FlyerTalk Evangelist
Join Date: Aug 2005
Location: BOS/EAP
Programs: UA 1K, MR LTT, HH Dia, Amex Plat
Posts: 31,978
Jul 18, 2014, 7:26 pm
#163
Join Date: Aug 2013
Location: LAS HNL
Programs: DL DM, 5.7 MM, UA 3.1 MM, MARRIOTT PLATINUM, AVIS FIRST, Amex Black Card
Posts: 4,479
Jul 18, 2014, 7:32 pm
#164
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,121
Jul 18, 2014, 8:03 pm
#165
Join Date: Aug 2013
Location: LAS HNL
Programs: DL DM, 5.7 MM, UA 3.1 MM, MARRIOTT PLATINUM, AVIS FIRST, Amex Black Card
Posts: 4,479