FlyerTalk Forums - View Single Post - Hilton Honors Website Security - Accounts hacked Oct 2014
Old Apr 17, 14, 8:13 pm
  #1  
anative
 
Join Date: Dec 2000
Location: Orlando, FL, USA (MCO)
Programs: Hilton-Diamond, Virgin-Gold, BA-Silver
Posts: 21
Hilton Honors Website Security - Accounts hacked Oct 2014

After the recent Heartbleed website vulnerability was announced I went through and made sure that I am using strong unique passwords on all of my web logins.

In the case of Hilton Honors that meant setting up a username and password instead of the Honors # and PIN I was using. The problem is that even after creating a Username and Password there is no way to turn off logging in with the Honors # and PIN. I thought I must be missing something so I called the Diamond Desk and was transferred to a Website person who confirmed that there is not currently a way to turn off the Honors # and PIN login.

This means that anyone with your Honors # (which is on every receipt half tucked under your room door) could hack into your account in just 9999 tries.

SCARY.

An email to Hilton's Privacy Department ([email protected]) has gone unanswered.
anative is offline