Originally Posted by
trey
As the OP, I am about half way through changing my 75 passwords. Its a major pain. I sent AW a message asking to verify this and they verified and basically told me tough luck. I am cancelling them and recommend others do as well.
I am a heavy AwardWallet user myself. All of my own and my family's accounts are tracked there.
It's unfortunate that this happened, but fundamentally, this is a problem of weak password. Not much different than if you put sensitive information in dropbox and has a password of "1234" - someone could guess it and get all your information.
As a heavy user, I actually appreciate AwardWallet being proactive in notifying members about this. Some companies would have buried the news and played dumb. This notification shows that AwardWallet is concerned about user security more than their own reputation.
I think that as a victim of this, you should actually KEEP using AwardWallet.
They have already clarified that there was not a system weakness. Given that someone guessed your (weak?) password and got all your account information, I would say AwardWallet would be invaluable in tracking down rogue redemptions.
It is not feasible to monitor all your 75 account by hand. This is a job that AwardWallet shines at, even though it sucks that it was where the attacker guessed the password and got your information. AwardWallet also saved all your prior balances, so by continuing to use AwardWallet, you will get quick notification if any of your account balances changed.
I think for your own security, it makes sense to continue using AwardWallet at least for the next few months, until you are sure that there are no rogue redemption.