Originally Posted by notquiteaff

Sure, but the OP makes it sound like AS security is at fault here. Most individual account hacks, I suspect, are due to lax security measures by the individual account holder. Hacking an individual’s computer to then somehow access their loyalty program is likely so much more effort than just buying a email/password list from some previous hack and just looking for people who still (in 2024) reuse passwords.



Sure, they could do that. Instead they just blocked all awards at the 72 hrs window, probably because that was a single IF statement in their PDP-11 code while what you are describing is a much more significant effort.

Whenever I make an AS reservation, I receive an email confirmation. The OP probably did, too, but either didn’t notice it in the flood of emails or their email account was changed in AS.com and the flood of emails was designed to make that harder to discover.




Strong, unique passwords aren’t difficult or unduly inconvenient for a user either. I don’t disagree that companies like Alaska should do more, but I can control my risk to a large degree here, and so I will of course do that.