my fellow flyertalkers, please make sure you use strong passwords and don't use any password on more than one account. a strong password can be something like q]6b%WgfhX6oKv. Yes, it's a hassle but there are many password management apps out there for desktop and mobile OS, many of which will share your password file between your different devices. they can generate strong passwords for each account. I'm shocked to read how up to 50% of passwords on a site that gets hacked are things like "123456" or "password." and no, i'm not making that up.
Don't forget that if another site gets hacked and you've used the same email/password combo there, then the hackers can just waltz into any other account with the same combo. good security practices take effort but my guess is that it's a lot less effort, and headache, than trying to recoup your stolen points.