This HHonors/Amazon hack is still going on and Hilton has not done anything to fix this very vulnerable IT threat.
There are tons of hacks of companies (Starwood for one) and huge databases of emails and passwords from those hacks out there that anyone can access or purchase and begin hacking away at other commonly used accounts that have an easy gain.
Hilton uses a username, not just the HHonors member number for logins, which is a flaw. Most people share usernames across platforms or use the beginning of their email address before the "@". So a database with email addresses/logins and passwords is a very fertile area. Even better if the data is from another hotel site. And I would bet this way, and not keyloggers and theft from hotel wi-fi, is the way 99% of the people on this forum are getting HHonors points hacked.
Hacking a Hilton Honors account has the most to gain because you can quickly link the points to a burner Amazon account, buy a gift card and cash out in seconds. No trail to catch them compared to hacking a bank account since there has to be another account to receive the money.
Moreover, aware of this vulnerability, I linked my HHonors to my Amazon back in April so that it could not get linked to a burner Amazon account in such a manner. However, I found out today that one can link a single HHonors account to THREE different Amazon accounts. So if your one Amazon Prime account is already linked for safety, even if you have no intention of using the points, it doesn't even help. Nobody has to delete that in order to spend HHonors points at another Amazon account.
It says a lot about our corporate culture where hacks of $200 - $1000 of points are simple "write-offs" to them. As we move toward fewer online merchants and fewer hotel chains out there, these organizations get so big and so bloated that they find it cheaper to just write this stuff off instead of preventing it. And every write-off just funds the hackers to grow in numbers and sophistication. You think that kid who gets a successful hit from a password database and wins a $200 gift card from Amazon is going to retire from hacking after that one successful attempt?
If you have any HHonors points, change your HHonors password to something you have not used on any other website in the last 6 months.
And Hilton either needs to end the Amazon partnership or limit the linking to only ONE Amazon account.
Hilton also needs to add a clickable email confirmation link when a new Amazon account has been linked or a currently linked account is removed.
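
The two controls requested in the post above (a one-account link limit, and an e-mailed confirmation link before any link or unlink takes effect), as an added example that is not part of the original post and is not Hilton's or Amazon's code. The names `LinkPolicy`, `MAX_LINKED`, `TOKEN_TTL` and the in-memory store are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # server-side signing key (constructed for this example)
TOKEN_TTL = 15 * 60               # assumed lifetime of a confirmation link, in seconds
MAX_LINKED = 1                    # the post's proposal: only ONE linked partner account

class LinkPolicy:
    def __init__(self):
        self.linked = {}   # member_id -> set of confirmed partner account ids
        self.pending = {}  # nonce -> (member_id, partner_id, action, expires_at)

    def _sign(self, nonce):
        return hmac.new(SECRET, nonce.encode(), hashlib.sha256).hexdigest()

    def request(self, member_id, partner_id, action, now=None):
        """Record a pending change; the returned token is e-mailed to the member."""
        now = time.time() if now is None else now
        current = self.linked.get(member_id, set())
        if action == "link":
            if len(current) >= MAX_LINKED and partner_id not in current:
                raise PermissionError("link limit reached; unlink the existing account first")
        elif action != "unlink" or partner_id not in current:
            raise ValueError("unknown action or account not linked")
        nonce = secrets.token_urlsafe(16)
        self.pending[nonce] = (member_id, partner_id, action, now + TOKEN_TTL)
        return f"{nonce}.{self._sign(nonce)}"

    def confirm(self, token, now=None):
        """Apply the change only for a valid, unexpired, unused e-mailed token."""
        now = time.time() if now is None else now
        nonce, _, sig = token.partition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(nonce).encode()):
            return False                       # forged or altered token
        entry = self.pending.pop(nonce, None)  # pop makes the token single-use
        if entry is None or now > entry[3]:
            return False
        member_id, partner_id, action, _ = entry
        accounts = self.linked.setdefault(member_id, set())
        if action == "link":
            if len(accounts) >= MAX_LINKED and partner_id not in accounts:
                return False                   # limit re-checked at confirmation time
            accounts.add(partner_id)
        else:
            accounts.discard(partner_id)
        return True

    def can_redeem(self, member_id, partner_id):
        """Points may be spent only through a confirmed linked account."""
        return partner_id in self.linked.get(member_id, set())
```

Because the link stays inactive until the token from the member's mailbox is presented, a login with a reused password is not enough on its own to attach a new redemption account.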