Last edit by: Pat89339
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
- MikeMpls
- nihaoa
- lewende Reported 4 friends with this issue
- ordbkk
- twebst
- kb1992
- litesleeper
- zombietooth
- critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
- skyvanman Also 1 friend with the issue
- chris1234
- atiger29
- bubble o bill
- genemk2
- jefftiger
- CuddlyFlyer
- gpeso8
- imm2b
- acf1270
- dgxoxo
- ACM two passengers
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
#556
Join Date: Mar 2012
Programs: UA/MM/1K
Posts: 181
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
How about a simple solution...canceling award booking should also require the PIN number for the MP account where the miles came from and preventing CA to cancel 016 bookings.
#557
Suspended
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
(You want this to apply to changes, too, right? Otherwise the hacker could just change your flights, which from the point of view of inventory is as good as cancelling them. There are a number of things like this that you need to think about.)
#558
FlyerTalk Evangelist
Join Date: Oct 2006
Location: SFO/SJC
Programs: UA Silver, Marriott Gold, Hilton Gold
Posts: 14,886
It's conceptually simple, but I wouldn't expect UA (or any airline) to be able to implement it overnight. You're asking to create a whole new verification check on the website that never existed before. They also undoubtedly have some fairly extensive deployment process for pushing out new code to their servers. I expect they could do it, but it would take them weeks, not days.
I've worked on company intranet/internet sites before - not on the programing side, but on the content/management/QA side (working with the team that codes). Sounds easy, but takes time to code, test, QA, etc. And the sites I've worked on are much less complicated than UAs. While also hard to believe, I've also found through this experience that sometimes, the changes that sound more complicated are actually the easiest to implement, while the ones that sound the easiest can take the longest to implement.
#559
Join Date: Dec 2000
Location: Seat 1A
Programs: Non-status paid F/J (best value for $$$)
Posts: 4,124
A even more simpler (and short term) solution would be for United to disable the "cancel booking" function and require the passenger to call the call center to cancel the booking.
#560
Suspended
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
Talk about throwing out the baby with the bathwater. And 'change flights' too, of course? Millions of people use these services, you know. An even simpler solution would be for UA to shut down operations. Then there would never be any hacking at all.
#561
Join Date: Aug 2007
Location: IAH
Programs: UACO Plat/1K, DL Plat, Hertz 5*, Avis - PC, SPG Gold, Colorado Pass
Posts: 228
Just got cancelled
IAH-PEK-ICN-PEK-IAH in I x 2 for a trip in May. Received something chinese in an email. Not happy. Will have to make some phone calls soon.
Last edited by atiger29; Apr 24, 2014 at 4:15 am Reason: added fare class
#562
Join Date: Jul 2000
Location: AUH
Posts: 8,266
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
#564
Join Date: Aug 2007
Location: IAH
Programs: UACO Plat/1K, DL Plat, Hertz 5*, Avis - PC, SPG Gold, Colorado Pass
Posts: 228
#566
Join Date: Jul 2013
Location: DAY/CMH
Programs: UA MileagePlus
Posts: 2,474
I'm a developer. I frequently tell my users there is no correlation between the value of a feature and the effort required to implement it.
#567
FlyerTalk Evangelist
Join Date: Dec 2007
Location: BOS/ORH
Programs: AS 75K
Posts: 18,323
Im debating switching now to a different routing. Really wanted to try CA F but it seems the seat in 777-300ER isnt much different than the TG A380 F seat.
#568
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,976
Talk about an overreaction yourself.
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
#569
FlyerTalk Evangelist
Join Date: Jul 2003
Location: BOS, PVG
Programs: United 1K and 1MM, Marriott Ambassador
Posts: 10,000
Disabling online "cancel" function is bad. Don't mind a PIN requirement.
#570
FlyerTalk Evangelist
Join Date: Dec 2007
Location: BOS/ORH
Programs: AS 75K
Posts: 18,323
I'm not sure why UA cannot just lock specific reservations from changes. I mean what does their corporate security do when they investigate a MP account for fraud? Surely they lock things down
Last edited by CDKing; Apr 24, 2014 at 8:17 am