Update - My computer seems to be clean; repeated anti-malware scans have eliminated a few craplit adware registry and temp file remnants (Weeks ago I'd already dealt with any .exe files that showed up in the program list) so I don't think I've got a keystroke monitor, although of course if I do and it's super buried we'll see shortly
. Note the computer I use is on an ethernet line to my cable modem, so I don't think a wi-fi leak is a realistic risk.
My AAdvantage account has been migrated to a new account number; because it was an elite account they have to manually configure the new account to recognize my status; the ACS rep said to monitor the new account like crazy over the next couple of weeks.
The miles for the unused tickets have been put back; however those for the used ticket (yesterday's HKG-LAX flight) will need to be restored (I assume) by someone in the fraud unit rather than ACS. The rep had no way of knowing, and wouldn't be able to tell me anyway, what, if anything, happened to the arriving pax last night. We were both puzzled as to how I managed to get into the site on Saturday and undo all the prior tickets only to have it re-hacked and the "flown" one reinstated on Sunday. She didn't have access to time-stamps covering (a) my conversation with AA on Saturday when we first undid the hack, or (b) when the re-hack took place, except that it was on the same day. I fear it was just blind luck that the perp was doing the second transaction while we were in the middle of undoing the first.
How I didn't get an email notification of the change of email addresses is a major puzzler and is the part that has me rather freaked. I suggested to the rep that AA ask for an alternate email address to be used as a secondary backup, so that if some change is made, not only the "old" email address gets an alert, but also the secondary one, and she thought that was an idea that she would take to the next "brainstorming" session at ACS, which occur every couple of weeks evidently. I also suggested that since AA has cell phone numbers for many members, used for flight notifications, that it, too, could be utilized as a fail-safe fail-safe, since email hackers might not have access to the mobile device. No good if you use your phone for all your web/email activity, but if your phone was nicked you'd know about it pronto. She thought that was a terrific idea that she'd take to the same meeting.
Meanwhile I'm wondering about the fact that the only bogus credit card activity I've had was on the Citibank card attached to my AAdvantage account. I know Citi had a giant data breach a couple of years ago, but just wondering if that's an avenue to explore. I suspect it's just me being paranoid, which of course has attained new heights over the weekend.