FlyerTalk Forums - View Single Post - 2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
Thread: 2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
View Single Post
Old Apr 12, 2014, 5:54 pm
  #57  
lewende
 
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,976
UAInsider - UA gotta stop CA award seat poacher from China!
During the past week, I've heard three incidents from my friends w/r/t UA award ticket (016 stock) with Air China (CA) award segments got mysteriously cancelled by somebody in China.

Victim 1: two first class award bookings (O class) with TPAC on CA985 (PEK-SFO); the expected travel date is in June 2014;

Victim 2: two first class award bookings (O class) with TPAC also on CA985 (PEK-SFO); the expected travel date is also in June 2014;

Victim 3: one business class award booking (I class) with TPAC also on CA985 (PEK-SFO); the expected travel date is also in June 2014.

All these three incidents started with receiving an email from MileagePlus in Chinese, stating their United award tickets were cancelled per their requests. Upon receiving these emails, their award seats could no longer be re-captured due to no award availability from CA on those TPAC segments.

These incidents, together with the one reported by MikeMpls (link attached below), revealed a bone-chilling scheme conspired by some award seat poachers in China:

MikeMpls's Post

People in this hemisphere may not be aware of how booming a business is at China right now for award seat scalping. Due to the language and food preference, CA (Air China) F and C cabin award seats are in high demand from Chinese travelers. As such, award seat scalpers in China are constantly looking for TPAC award inventory for their clients and if they find no inventories available, they will create availability by themselves.

How? It is well-known at China that TravelSky, the Chinese version of Amadeus, is fairly vulnerable to protect Chinese travelers' information. Unfortunately, it is also the case that if anybody purchases a flight ticket in China (e.g., to travel on CA, MU, or CZ), your personal information may very likely already be compromised through TravelSky. My best guess is: by accessing TravelSky's database, these Chinese scalpers were able to locate passenger information (e.g., first and last name) as well as ticket information (e.g., PNR# and cabin) for any CA flights, even if the tickets are issued on a 016 stock.

Now, how come only 016 stock tickets got cancelled by these scalpers, but not 037 (US) or 014 (AC) stock tickets? This all thanks to the super easy and hassle-free online award booking management system of UA. United.com only requests two piece of information from anybody in the world to accomplish a cancellation: PNR and last name, that's it.

Now UA has to do something to stop CA award seat poachers from China to protect MileagePlus members' award benefits. This shouldn't be a rocket science project but simply adding an additional layer of verification and security before anybody attempts to cancel a 016 stock award booking, such as booking may only be cancelled online when the account is logged in, or verified the pin code when cancelled through an agent.

UAInsider, your prompt reply to this issue will be very much appreciated. If you need those victims' information, please feel free to send me a PM. Thanks.
lewende is offline