Went to AA.Com and are in Someone Elses Account
#1
Original Poster
Join Date: Feb 2005
Location: BOS
Programs: AA, HH, Marriott Titanium Elite
Posts: 799
Went to AA.Com and are in Someone Elses Account
Just went to AA.Com and instead of seeing my name and Account Number I was in "Mark's" Account. He's EXP with a ton of miles. He's posted 300K+ since last month. When I clicked on View details it gave me his account number. Granted I do not know his password to get into his account. But I shouldn't be seeing this. Has this happened to any one else today? Very disconserting.
#2
Join Date: Jul 2005
Programs: FlyingBlue Platinum, LH Senator, VA Velocity Platinum, Marriott Silver, Hilton Diamond
Posts: 1,010
WOW.. so much for security with miles...
#3
Suspended
Join Date: Feb 2001
Location: Tampa, Florida, U.S.A.
Posts: 7,664
Originally Posted by wma
Just went to AA.Com and instead of seeing my name and Account Number I was in "Mark's" Account. He's EXP with a ton of miles. He's posted 300K+ since last month. When I clicked on View details it gave me his account number. Granted I do not know his password to get into his account. But I shouldn't be seeing this. Has this happened to any one else today? Very disconserting.
Believe or not it appears to be a member posting here on Ftalk.
I sent him an PM ( no response)
Just curious did you speak to the Admirals club or Advantage customer service to have a posting adjusted in your account yesterday?
I did not, sure if related.
mike
#4
Original Poster
Join Date: Feb 2005
Location: BOS
Programs: AA, HH, Marriott Titanium Elite
Posts: 799
More Information. Mark is in GRR, I'm in BOS. AA.com technical support (Scott) says he had to log into my computer for this to happen. I told them he's in MI I'm in MA, it didn't happen. He puts me on hold and comes back to tell me "Yeah, we've been having some problems like that of late. You have to tell the Webmaster." I asked aren't you web support? Scott replies "Yeah, but you need to go online and write it up, if (get this) I feel there is a breach in security." I asked Scott, if he thought this was "A breach in Security?", his reply "Yeah" (big on yeahs).
I wrote it up and sent it in. If there is a Mark out here on FT from GRR, who's EXP PM me.
I wrote it up and sent it in. If there is a Mark out here on FT from GRR, who's EXP PM me.
#5
Join Date: May 2000
Programs: Ozark Airlines--Lifetime Platinum, Braniff---Diamond, Eastern--Plutonium Motel 6--Guest of the Month
Posts: 853
Same exact thing happened to my wife's account several years ago....somehow i provided a link inside FT to a question somebody asked about AA, and the next day my wife's account was pulled up by many people....found out about it on FT, they were talking about seeing someone elses account...and lo and behold it is the wife's. Took a couple calls to AA webmaster and a couple days to get it sorted out...but also ended up with a few extra miles in her account for the ordeal. ^
#6
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SJC
Programs: AA EXP, BA Silver, Hyatt Globalist, Hilton diamond, Marriott Platinum
Posts: 33,533
Originally Posted by zipual
Same exact thing happened to my wife's account several years ago....somehow i provided a link inside FT to a question somebody asked about AA, and the next day my wife's account was pulled up by many people
Cheers.
#7
Join Date: Feb 2005
Location: just perfect, till the snow comes
Programs: AA (what is EXP?), UA 1P, IC free mini bar club, SPG GLD
Posts: 887
Originally Posted by brp
security on AA.com should not allow someone to just enter a URL with session and get in bypassing the password part. But it seems to do so, and this would, at least, explain what happened in your situation.
Cheers.
Cheers.
Seems like AA.com is running out of Session-ID
#8
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SJC
Programs: AA EXP, BA Silver, Hyatt Globalist, Hilton diamond, Marriott Platinum
Posts: 33,533
Originally Posted by kenfry
Seems like AA.com is running out of Session-ID
Cheers.
#9
Suspended
Join Date: Feb 2001
Location: Tampa, Florida, U.S.A.
Posts: 7,664
Originally Posted by zipual
Same exact thing happened to my wife's account several years ago....somehow i provided a link inside FT to a question somebody asked about AA, and the next day my wife's account was pulled up by many people....found out about it on FT, they were talking about seeing someone elses account...and lo and behold it is the wife's. Took a couple calls to AA webmaster and a couple days to get it sorted out...but also ended up with a few extra miles in her account for the ordeal. ^
I believe he read ( or deleted) my PM to him.
mike
#10
Original Poster
Join Date: Feb 2005
Location: BOS
Programs: AA, HH, Marriott Titanium Elite
Posts: 799
I'm confused so what I hear you folks saying, when I read a thread yesterday and clicked the AA link in the thread, I got into "Mark's" account. And since I have "save my ID number" checked on my computer, I saved his ID? If that is the case, it's bad.
As the AA saga continues - I received an email back from the webmaster saying I was using a public computer and that's why I was seeing Mark's account. Understand when I saw Mark's account all it said was Mark, not his last name. The CSR at AA kindly provided his last name in the email. So now I have his full name and account number. Nice.
As the AA saga continues - I received an email back from the webmaster saying I was using a public computer and that's why I was seeing Mark's account. Understand when I saw Mark's account all it said was Mark, not his last name. The CSR at AA kindly provided his last name in the email. So now I have his full name and account number. Nice.
#11
FlyerTalk Evangelist
Join Date: Mar 2004
Location: SJC
Programs: AA EXP, BA Silver, Hyatt Globalist, Hilton diamond, Marriott Platinum
Posts: 33,533
Originally Posted by wma
I'm confused so what I hear you folks saying, when I read a thread yesterday and clicked the AA link in the thread, I got into "Mark's" account. And since I have "save my ID number" checked on my computer, I saved his ID? If that is the case, it's bad.
As the AA saga continues - I received an email back from the webmaster saying I was using a public computer and that's why I was seeing Mark's account. Understand when I saw Mark's account all it said was Mark, not his last name. The CSR at AA kindly provided his last name in the email. So now I have his full name and account number. Nice. [/QUOTE]
From your OP, I thought that this was on your own computer. If it was public, it is likely that Mark didn't log out. Did you just to to AA.com and have Mark's info? Did you select "Logout" or "Change User"? Did you go to a blank screen (with no user showing) and login with your info only to find Mark's instead?
There have been a number of threads here about finding someone else's un-logged-out account on a public computer, usually an AC. That's not as odd an occurrence as if you had done this on your home computer, where Mark, likely, never would have been.
Am I interpreting the details correctly?
Cheers.
#12
Original Poster
Join Date: Feb 2005
Location: BOS
Programs: AA, HH, Marriott Titanium Elite
Posts: 799
Originally Posted by brp
From your OP, I thought that this was on your own computer. If it was public, it is likely that Mark didn't log out. Did you just to to AA.com and have Mark's info? Did you select "Logout" or "Change User"? Did you go to a blank screen (with no user showing) and login with your info only to find Mark's instead? Am I interpreting the details correctly
What gets me in the email, AA gave me more information on the guy than I orginally had.
I have figured out where I taped into the link, and have PM'd the person letting him know the situation and advising him to remove his post.
#13
Suspended
Join Date: Feb 2001
Location: Tampa, Florida, U.S.A.
Posts: 7,664
Originally Posted by wma
Sorry I wasn't clear in my sarcasm. I was using my laptop, I wasn't using a public computer and I told that to the AA webmaster. What got me was I felt like the CSR didn't read the email, just gave me a scripted answer. I was clear in my email that the computer was my own personal laptop, not a public one, and that it (the computer) has been in my possession as long as I own it ( I never let anyone touch it, my husband doesn't even know my password).
What gets me in the email, AA gave me more information on the guy than I orginally had.
I have figured out where I taped into the link, and have PM'd the person letting him know the situation and advising him to remove his post.
What gets me in the email, AA gave me more information on the guy than I orginally had.
I have figured out where I taped into the link, and have PM'd the person letting him know the situation and advising him to remove his post.
mike
Edited to add that the info came up on my PC at home
#14
Join Date: Jan 2003
Location: Scarsdale, NY USA; LT PLT AA; AA 3 mm (4 mm will never happen); Hilton Diamond, Marriott Silver, AA is clueless why I fly
Posts: 754
Originally Posted by wma
Understand when I saw Mark's account all it said was Mark, not his last name. The CSR at AA kindly provided his last name in the email. So now I have his full name and account number. Nice.
#15
Original Poster
Join Date: Feb 2005
Location: BOS
Programs: AA, HH, Marriott Titanium Elite
Posts: 799
Originally Posted by MIKESILV
I guess you didnt bother to read my initial post saying I had already identified the Ftalker and had PM him about it LAST NIGHT ( at about 900PM)