Originally Posted by
Geoflying
Recent news reports indicate that loyalty programmes have been a target of hackers "stealing" miles to redeem for goods and services......
Until Aeroplan improves their security on their website I am certainly going to improve my approach to password security there by making it longer and harder to be defeated by a brute force attack although Aeroplan makes this hard by these restrictions.
Back on Nov 4, I posted this in a new thread.
It seems no one was concerned enough to post a reply
Originally Posted by
24left
This got me thinking about the current level of password protection on AC/AE accounts...maybe adding two-step or multi-step authentication?
From Krebs on Security re hacking of TRAVEL loyalty program accounts:
"“They got into the account and of course
the first thing they did was change my primary and secondary email accounts, so that neither me nor my travel agent were getting notifications about new travel bookings,” said Brothers, co-founder of Verafin, a Canadian software security firm that focuses on anti-money laundering and fraud detection."
http://krebsonsecurity.com/2014/11/t...ints-accounts/
After Hilton got hacked, they added CAPTCHA and offered members 1,000 HHonors points for updating their passwords. Maybe it is an improvement, who really knows.
Otherwise, I'm not sure AC/Aeroplan's IT can move that quickly, otherwise they would have done so a while ago. IMHO.