The largest expert travel community:
  • 736,201 Total members
  • 7,309 Users online now
  • 1,674,857 Threads
  • 30,138,283 Posts

United & American Frequent Flyer Accounts Hacked, Miles Stolen in Cyber Attack

United & American Frequent Flyer Accounts Hacked, Miles Stolen in Cyber Attack
Jeff Edwards


Hackers booked tickets and redeemed upgrades using miles siphoned from the accounts of United Airlines MileagePlus and American Airlines AAdvantage members in December.

United Airlines and American Airlines have confirmed that cyber criminals, using stolen usernames and passwords, accessed frequent flyer accounts in December 2014. Once the thieves fraudulently obtained access to these accounts, miles were transferred, used to book trips and even redeemed for upgrades.

According to American spokeswoman Martha Thomas, as reported by AP, nearly 10,000 AAdvantage accounts may have been compromised. Thomas said the airline has frozen some accounts while it works with customers to set up new AAdvantage memberships. Thomas also confirmed that mileage bandits were able to obtain free travel and upgrades without the members’ knowledge or consent in at least two instances.

American began notifying affected customers by email on Monday. The airline says it will offer a free year of credit-watch service to those whose frequent flyer accounts have been violated.

Luke Punzenberger, a spokesman for United, said that fraudulent transactions were detected on as many as three dozen MileagePlus accounts. The airline began alerting members in late December, and Punzenberger said United would replace any stolen miles in affected accounts.

Both airlines insist that their computer networks were not compromised. It appears the thieves obtained username and password information from another company’s site. The thieves were able to use this information to access individual accounts only in cases where the username and password matched the exact login credentials of the hacked site. To prevent this kind of incident from occurring again, United is now requiring MileagePlus members to enter their account number when logging in.

[Photo: iStock]

View Comments (6)


  1. flyernick

    January 12, 2015 at 7:49 pm

    What is this bull about ” another company’s site” or other articles call it a “third party site”.
    They should be naming the company that did get hacked. Even if it is a company they do a lot of business with (like dining for miles), then we, the airline’s customers ought to know who to avoid and the airlines ought to immediately sever the relationship.

  2. PeggyPecan

    January 13, 2015 at 5:54 am

    This seems to be Uniteds way of operating anymore. It’s never their fault.

  3. vtmaa

    January 13, 2015 at 9:47 am

    not just AA and UA. my DL account was hacked and 70000 miles stolen for an award ticket. DL returned the miles immediately and are investigating.

  4. cestmoi123

    January 13, 2015 at 10:59 am

    Third party site probably means that, in one of the other breaches of late, people were using the same username and password as on the AA or UA sites, so it doesn’t necessarily mean that the breach was at a company that had anything to do with AA or UA.

    While having a secure password is important, having DIFFERENT secure passwords is equally, if not more, important, so that if an attacker gets access to your login at site A, they can’t then use that to log into site B.

  5. alphaod

    January 13, 2015 at 6:33 pm

    It doesn’t help that people can log in with a 4 digit pass code.

  6. Mbenz

    January 14, 2015 at 2:22 pm

    I am assuming they would have sold the miles to an unsuspecting 3rd party? otherwise it is obviously incredibly easy to trace…

You must be logged in on the FORUM to post a comment Login

Leave a Reply

More in Airlines

Mystery Illness Diverts Ural Airlines Flight To Dubai

Jackie ReddyJanuary 22, 2019

You Can Now Book Lie-Flat Business Class on Another Budget Airline

Jeff EdwardsJanuary 22, 2019

United Passengers Frozen and Marooned for 17 Hours in Canada

Jackie ReddyJanuary 21, 2019

Copyright © 2014 Top News Theme. Theme by MVP Themes, powered by Wordpress.