I know it's been said many times before but I'll say it again (in the astronomically unlikely chance that an IHG rep is reading this): it's an absolute scandal that IHG continues to have nothing more than a 4-digit pin for authentication. I seriously can't think of any other outfit that has such shoddy internet security, either in the hospitality or otherwise. As far as back as 20 years ago, if I'd allowed access to confidential client information by such means I would have rightfully been given the sack by my employer.

I get the jitters if my points balance goes above 200K, let alone several million points as plenty of people (including the OP) are sitting on.