Odd account security issue [AAdvantage account data breaches]
I was presented today with a very odd account security issue that I'm not sure I understand.
I yesterday successfully linked by US and AA accounts (confirmed on both sites). I had no issues with the link process and it immediately confirmed my accounts on both sides. Today I received an e-mail from AAdvantage that states: Subject: Duplicate Accounts Merged "Dear DLL, As the result of unauthorized access to your AAdvantage account, we are providing you with a new AAdvantage account number. We will contact you again shortly with additional details, but in the meantime we have taken this action to help protect the security of your account. Please be sure to use AAdvantage account XYZABC for all of your mileage earning and redemption activity. If you earn miles through any of our partners or book your flights through a travel agency or corporate booking tool, we recommend you update your account number with them. All transactions and balances from the compromised account are included in account XYZ1ABC, and there is a balance of XXX,XXX miles available for award redemption. To see additional account information, please login on AA.com with the new AAdvantage account number, and select Forgot/Need Password from the Login screen to create a new password. Do not use the same password that you used previously, and do not use the same password you use on other online sites. While you are logged into your account, we recommend you review your email and notification selections to ensure they are set properly. If you have any questions about your account, please contact us at your convenience. We apologize for the inconvenience and will email you again soon with additional information. Regards, AAdvantage Customer Service American Airlines" I have no idea what the unauthorized access might be - has anyone else had this issue? Wondering if the AA/US account link process caused some issue that generated a new account. Also not sure if I need to call Citi and have them relink my AAdvantage credit cards to the new account number. Sort of a pain, all around, as I have to memorize a new account number and go through hoops to get outstanding things resolved. |
Originally Posted by JonNYC
(Post 24139323)
Very odd indeed! I'll see if anyone knows what this was and/or if other members will get the same (as in if it -was- a result of merge the other night.)
I agree-- I'd hate to lose my AAdv #. And then all that other stuff you'll have to rebuild-- that really is a pain! BTW, you should delete your AAdv # that's in your post-- even if it's old! :) |
Originally Posted by JonNYC
(Post 24139384)
Great, glad you edited it.
My first-glance, shoot-from-the-hip thought is that this was -not- related to the linking. Although the timing is awfully coincidental, obviously. Here's the thing, historically, I've never heard of AA just changing AAdv #'s on a member-- even when the account has been compromised. Yes, many members might -opt- at that time for a new AAdv number, but that's not the historic standard protocol. |
I got exactly the same email today, and I also linked my US account # to AA two days ago.
|
My wife just got this same email and is on the phone with them now. She's had the same AAdv# since '91. She hasn't linked any other accounts to this one.
Somewhat disconcerting, as she had just put two trips on hold, and those and two paid reservations are now missing from the new account, as well as her upgrades. UPDATE: Wife was told she'll have to contact AAdvantage on Monday for more info. Now she cannot log in under either her old or her new AA#. |
Sounds like this could be the result of some recent, specific data breach -- e.g. somebody got hold of a known set of AAdvantage numbers from some source (but perhaps hasn't done anything with them yet), and AA is changing them out of an abundance of caution.
|
Originally Posted by ziobacio
(Post 24139818)
My wife just got this same email and is on the phone with them now. She's had the same AAdv# since '91. She hasn't linked any other accounts to this one.
Somewhat disconcerting, as she had just put two trips on hold, and those and two paid reservations are now missing from the new account, as well as her upgrades. All of my data except credit card, companion info and 500-mile upgrades was ported over (including MM status and current mileage). But everything else that touches my account is broken and will have to be rebuilt/refreshed. |
My business partner and I both linked a few days ago. Went smoothly in both cases and we are able to log into our accounts normally today.
|
Originally Posted by JonNYC
(Post 24140152)
To be clear, since it will help very much in eliminating possible source(s) of this; you wife did -not- do the link to US FF acct # thing that went up the other night?
We're hoping that the rest of her info gets carried over, perhaps in overnight processing? Otherwise we were told to wait until Monday when AAdvantage offices are open. She can at least log into the new acct now -- her miles are there, although the reservation/hold info, upgrade balance, cc, companion info, are all missing. |
Another oddity to this security issue: the title of the email is "Duplicate Accounts Merged" yet the email itself says that there has been "unauthorized access" to the AA account, resulting in the issuance of a new acct number.
|
Originally Posted by JonNYC
(Post 24140340)
I agree-- that email subject title strikes me as a very odd choice under these circumstances.
I further suspect that when they changed to the new AAdvantage account number, what they really did was create a new account with the same member details (name, address, phone, DOB, email, etc) then used the standard "merge duplicate accounts" feature to migrate the miles, lifetime miles, and other details from the old account into the new account and close the old account. This perhaps generates an automated message to the passenger, using standardized "Duplicate accounts merged" verbiage since that's what the function was originally designed for, customized with verbiage regarding the security issue. |
Holy <poo poo>... this happened to me today as well... an hour or two ago. :(
Edit: won't let me link my US airway account cause its already been linked... none of my trips are showing up now... what a f'in mess. Edit2: what a pain. had to call on the phone to have all my flights switched over as none of them showed up on my account. Apparently they were warned this morning that "some" accounts had been compromised. Edit3: All my 500 mile upgrade stickers are gone. :( |
Just got the same email a few hours ago!
I got the same email a few hours ago as well! I did not do anything involving USAirways or anything at all for that matter. I also wonder if it is a security breach that they haven't announced. I have no idea if this is related, but earlier today when I logged in it said January 2015 would show my YTD 2014 activity - but it was all zeroed out. Thought that was strange.
I have not called anyone at AA yet, but I was getting ready to book a couple of trips so probably should. If I hear any additional info that has not been posted by then, I will share. Was also wondering if it was a legit email or a bogus one. However it stated my mileage balance in the email and that was accurate, for what it is worth. |
UGH! Did absolutely nothing as far as merged accounts. All stickers and future travel is gone. What a pain...
|
Originally Posted by JonNYC
(Post 24141323)
I'd suggest that at this point, that's pretty much a given
I just went and made screenshots of my account details just in case...mileage and record locators pages. |
All times are GMT -6. The time now is 4:28 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.