Apr 21, 2014, 11:37 am
Last edit by: Pat89339
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
- MikeMpls
- nihaoa
- lewende Reported 4 friends with this issue
- ordbkk
- twebst
- kb1992
- litesleeper
- zombietooth
- critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
- skyvanman Also 1 friend with the issue
- chris1234
- atiger29
- bubble o bill
- genemk2
- jefftiger
- CuddlyFlyer
- gpeso8
- imm2b
- acf1270
- dgxoxo
- ACM two passengers
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
Apr 18, 2014, 5:54 am
#136
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA 1k (12 year fallen GS) 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,263
OP - follow the advice on here and call UA today and asked to speak to a supervisor / fraud department. Tell them you did not cancel the reservation and that you know of several other people in the exact same situation (you can reference this board) whose Air China flights have been cancelled and received a Chinese email information them. Hopefully UA Insider has been watching this - there is too much of this happening to be chance...
Last edited by l etoile; Apr 18, 2014 at 7:18 am Reason: Removed response to deleted quote
Apr 18, 2014, 6:18 am
#137
Join Date: Jan 2001
Posts: 1,877
Reservation Cancelled == Hacked?
I am not seeing the correlation.
I am not seeing the correlation.
Apr 18, 2014, 6:24 am
#138
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA 1k (12 year fallen GS) 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,263
Apr 18, 2014, 6:26 am
#139
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,976
Mind elaborating on this? Why UA and CA initiated these cancellations?
Apr 18, 2014, 6:39 am
#140
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,976
Let's assume this suspicion is true - how would that help the fraudsters? We know that the released seat will not necessarily go back into award inventory, and certainly not immediately. So they would do a lot of work for no certain renumeration. Nice conspiracy theory, not very credible.
Seems more likely that someone (an airline perhaps) wants revenue seats to book, so they free some up in way that is harder for the airline to detect, because there will be no refunds payable (only by a partner, not by CA for example).
I also checked the three victims' CA flight information, lots of F and A availability - there is no point for CA to cancel an O seat to free up an F/A space.
Apr 18, 2014, 8:05 am
#141
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
Yes, all of my flights are still operating. The United rep I spoke to last night specifically said somebody canceled my reservation online. Also, it's still possible to re-book my exact reservation, for like $35k, but award space is no longer available.
Apr 18, 2014, 8:41 am
#142
Join Date: Aug 2005
Location: HPN
Programs: not anymore! I'm FREE!
Posts: 3,459
In the other thread, the theory was proposed that hackers are figuring out Air China reservation numbers and passenger names, then contacting Air China or UA to cancel the reservation. Then, they sell the first/business class award space that might consequently open up.
There's clearly a security hole somewhere. I don't think it has anything to do with UA's 4 digit pin, or people hacking UA account passwords. It's more that there exists the ability to cancel someone else's reservation if all you know is the PNR and name -- and these can be found out somehow, probably by brute force guessing on a reservation management website (like a Chinese version of checkmytrip.com, perhaps).
There's clearly a security hole somewhere. I don't think it has anything to do with UA's 4 digit pin, or people hacking UA account passwords. It's more that there exists the ability to cancel someone else's reservation if all you know is the PNR and name -- and these can be found out somehow, probably by brute force guessing on a reservation management website (like a Chinese version of checkmytrip.com, perhaps).
Apr 18, 2014, 8:46 am
#143
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
Sorry, I meant that I follow best practices and feel the chances of my personal computer being hacked or personal passwords recovered is minimal. You are still correct about the 4-digit PIN being an irresponsible method to protect a critical system in 2014. Not to mention it was probably the PNR & Name combination used in this case which is even worse.
Apr 18, 2014, 8:51 am
#144
FlyerTalk Evangelist
Join Date: Sep 2003
Location: HH Diamond, Marriott Gold, IHG Gold, Hyatt something
Posts: 33,532
I doubt it was both, but either/or, I'd guess CA, personally.
They sell out of J/F seats and think, why give the seats away for chump change miles?
Certainly UA has a less than stellar record concerning their IT.
They sell out of J/F seats and think, why give the seats away for chump change miles?
Certainly UA has a less than stellar record concerning their IT.
Apr 18, 2014, 8:57 am
#145
FlyerTalk Evangelist
Join Date: Jul 1999
Location: ORD/MDW
Programs: BA/AA/AS/B6/WN/ UA/HH/MR and more like 'em but most felicitously & importantly MUCCI
Posts: 19,718
I don't know what the hell United can do about it, either, beyond breaking open more inventory on alternative own-metal flights to reaccommodate, which it looks like they are not doing.
Apr 18, 2014, 9:14 am
#146
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
I hate to say it, since my fate at this point depends on Air China reinstating my original reservation, but I think you're right.
Apr 18, 2014, 9:18 am
#147
Join Date: Apr 2008
Location: Denver, CO
Programs: UA 1K
Posts: 273
I am having a similar, albeit much less devastating, problem. I booked a North American AirPass ticket a few weeks ago. One of my flights went from SFO to SAN to ORD to YYZ (all with the same flight number). Twice in the last three days, the SFO-SAN leg has been cancelled. I would have chalked it up to a glitch in the system, but according to the Alliance desk rep, both times "the passenger" called to request the change, which I clearly did not. I cannot see what advantage anyone would get from cancelling one leg of a revenue ticket.
Apr 18, 2014, 9:18 am
#148
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
United has lax security, allowing customer reservations to be canceled. United is aware of their security problems and lets them continue. United looks the other way when this happens. And who benefits when customers have to fly United instead of other carriers? United....... They're not a "victim" here, and they should not be let off the hook when they are complacent about fraud.
Apr 18, 2014, 9:21 am
#149
Join Date: May 2000
Location: Houston, TX, USA
Programs: UA 1K, AA Lifetime Platinum, DL Platinum, Honors Diamond, Bonvoy Titanium, Hertz Platinum
Posts: 7,969
It's more that there exists the ability to cancel someone else's reservation if all you know is the PNR and name -- and these can be found out somehow, probably by brute force guessing on a reservation management website (like a Chinese version of checkmytrip.com, perhaps).
Apr 18, 2014, 9:31 am
#150
FlyerTalk Evangelist
Join Date: Nov 2004
Location: ORD
Programs: UA 1K
Posts: 16,900
I think the more likely scenario is that there's a human leak somewhere. There are probably thousands, if not more, Air China employees, that have access to PNRs including passenger names for upcoming flights, let alone those at associated vendors. All it takes is one that works in association with a mileage broker of some sort to create a situation such as we see here.
