FlyerTalk Forums - View Single Post - AwardWallet Hack
Old Jul 30, 2015, 12:58 am
  #4  
veresch
Company Representative - AwardWallet
 
Join Date: Oct 2007
Posts: 56
Unfortunately yes, the email was legitimate. Here is exactly what we sent out to 250 users:

============
Today we have detected that a hacker tried accessing AwardWallet accounts using a brute-force method. Please note that we lock accounts whenever multiple invalid logon attempts happen; however, the hacker was still able to log in to about 250 accounts. There were different types of accounts compromised:

(1) accounts had the same username and password, for example: username: JohnSmith password: JohnSmith (this was by far the majority of accounts) and

(2) accounts whose passwords were not unique to AwardWallet and were already compromised via a different website, or passwords that were easily guessable, like abcd.

Unfortunately, your account was one of those 250 accounts. The hacker then was able to get all of your loyalty account usernames and passwords that you have stored in AwardWallet. This means that you need to change all those loyalty account passwords immediately to avoid the possibility of those accounts being compromised and you need to reset your AwardWallet password using this link:

https://awardwallet.com/?forgotPassword=1

Please set a unique password that you never used anywhere else and please make it complex.

We also suggest you log in to all the loyalty accounts for which you have stored credentials on AwardWallet and see if there has been any unauthorized activity. We checked and as far as we see there were no deductions from any of the affected loyalty programs as a result of this issue. If there has been unauthorized activity, please contact the loyalty program to report the unauthorized activity but also please let us know and we will do what we can to help you recover your points/miles.

We sincerely apologize for this! Please also note that there is not much we can do to protect your account if you use a password that is either the same as your login name or if your password is not unique to AwardWallet. Hackers are very sophisticated and if there is any easy way to guess a password, they will guess it.

Finally, we strongly recommend that you enable two-factor authentication on your account:

https://awardwallet.com/faqs.php#44

As a courtesy, we’ve also upgraded your account to AwardWallet Plus for the next 12 months.
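The notice above says accounts lock after multiple invalid logons, yet about 250 were still accessed. The following is an added example, not part of the original post and not AwardWallet's code: it shows why a per-account failure counter never fires when each account receives only one or two guesses, and how counting distinct accounts per source does catch it. The thresholds, the `source` field and the log events are constructed assumptions.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5   # assumed: consecutive failures before an account locks
SPRAY_LIMIT = 4         # assumed: distinct accounts one source may try per window
WINDOW_SECONDS = 600    # assumed sliding window

# Constructed events: (epoch_seconds, source, username, success)
EVENTS = [
    (1000, "src-A", "johnsmith", True),    # password == username, first guess works
    (1005, "src-A", "maryjones", False),
    (1010, "src-A", "bobbrown", True),
    (1015, "src-A", "annlee", False),
    (1020, "src-A", "timwhite", False),
    (1025, "src-B", "carolking", False),   # ordinary user mistyping twice
    (1030, "src-B", "carolking", False),
    (1040, "src-B", "carolking", True),
]


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Per-account lockout: lock after `threshold` consecutive failures."""
    streak, locked = defaultdict(int), set()
    for _, _, user, ok in sorted(events, key=lambda e: e[0]):
        streak[user] = 0 if ok else streak[user] + 1
        if streak[user] >= threshold:
            locked.add(user)
    return locked


def spraying_sources(events, limit=SPRAY_LIMIT, window=WINDOW_SECONDS):
    """Flag sources that try more than `limit` distinct accounts in a window."""
    recent = defaultdict(list)   # source -> [(timestamp, username)]
    flagged = {}
    for ts, src, user, _ in sorted(events, key=lambda e: e[0]):
        # Drop attempts that have aged out of the window, then add this one.
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= window]
        recent[src].append((ts, user))
        users = {u for _, u in recent[src]}
        if len(users) > limit:
            flagged[src] = users
    return flagged


if __name__ == "__main__":
    print("locked by per-account rule:", locked_accounts(EVENTS))
    print("flagged by per-source rule:", spraying_sources(EVENTS))
```
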