Last edit by: Prospero
This thread is dedicated to issues around American Airlines AAdvantage accounts being invaded, taken over or compromised resulting in theft of awards, miles, upgrades and other instruments - and related issues.
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
For issues about account freezes or closures, airline accusations of fraud against the AAdvantage programm and the like please see: Account audit / fraud: award / miles / SWU / VIP sale, barter, etc (consolidated).
If you find your account has been breached or have unexplained activity such as awards you did not arrange, contact AA immediately to protect and gain control over your account and to be made whole.
To help protect your account, be sure
- Have a strong, protected and secure password
- check your account periodically
- be aware and keep track of your transactions
- control or destroy documents such as boarding passes
- use antivirus software- if your personal computer is hacked they can gain control of your AA account
- Be very wary of logging into your account on public computers, like at internet cafés or the hotel business center, where keystroke loggers could be installed
If your email information is correct in aa.com, changes to your account should be sent to you as follows (even if someone changes your email address, though it's of no help if someone pirates your email account):
Dear JDiver,
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Thanks for visiting AA.com. This email confirms that your account has been updated as follows.
Your contact information has been updated, but is not included in this e-mail for the security of your account.
If you did not change your contact information or if you have any concerns about your account, please contact aa.com Web Services.
If you have unsubscribed to one of our email products, we will remove your address from our mailing list as soon as possible. Please be aware that you may continue to receive emails for up to 10 business days.
If you have subscribed to AA email products and are not receiving them, your Internet Service Provider (ISP) may use filters to prevent unwanted emails from reaching your inbox. Sometimes, these filters also block messages you want to receive. In most cases, adding us to your list of trusted senders will solve this issue. In AOL, select "Add Address"; in Yahoo! Mail, Outlook or Outlook Express select "Add To Address Book"; or Hotmail or MSN, select "Save Address(es)". If you need further assistance, contact your ISP's technical support department and ask how to "whitelist" emails from AA.
AA.com
American Airlines
Account fraud / breach: my account compromised, awards taken, etc.
#511
Join Date: May 2003
Location: Texas
Programs: Hyatt Glob (Barely); Marriott Plat Life; AA Up and Down Now Plat; Hilton, UA, BA, HA Peasant
Posts: 2,669
Resolution?
I know I'm old. I remember when it took two full business weeks for hotel points to post. But on the second Friday they always did. My point being interval predictability and infallibility is worth more to me than unpredictable but maybe faster.
#512
Join Date: Nov 2007
Programs: several:)
Posts: 34
Miles stolen
Someone booked a one-way award using my account, just before the flight took off. Talked to the AAdvantage customer service and they took all the details of the incident.
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
#513
Join Date: Jul 2004
Location: SNA
Programs: AA EXP, UA 1K (until it expires then never again), *wood Plat, Marriott Gold
Posts: 9,239
Sounds like someone obtained access to your AA account, obviously work with AA to get your miles back but that really should be secondary. Immediately do the following:
- Change your aa.com password, I'd also do this from a different device than your home computer.
- Verify that your contact/email address on aa.com hasn't also been changed as that is often done to prevent notification of bookings.
- If you use the same password elsewhere change those passwords as well and check for any unauthorized activity on those sites. Also if you have re-used this password on other sites stop doing that - get a password manager and ensure that every site has a unique and strong (12+ characters, with special characters) password and protect your password manager with a passphrase not a password and MFA like a ubikey.
#514
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
Someone booked a one-way award using my account, just before the flight took off. Talked to the AAdvantage customer service and they took all the details of the incident.
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
#515
FlyerTalk Evangelist
Join Date: Jul 2003
Location: jfk area
Programs: AA platinum; 2MM AA, Delta Diamond, Hilton Diamond
Posts: 10,291
(1)There were times in the past where pax reviewing their accts on (dedicated) PCs in ACs did not log-out, leaving their accts vulnerable for "fraud". [Less likely now since most pax have iphones, ipads etc.]
(2)If ones iPhone, ipad is not on a secure connection their AA accts are vulnerable for pilferage.
(3)A hacker can get into AAs system from the "backdoor" and loot accts. [BA had an issue where their database was compromised]
(2)If ones iPhone, ipad is not on a secure connection their AA accts are vulnerable for pilferage.
(3)A hacker can get into AAs system from the "backdoor" and loot accts. [BA had an issue where their database was compromised]
#516
Suspended
Join Date: Mar 2001
Location: FIND ME ON TWITTER FOR THE LATEST
Posts: 27,730
(1)There were times in the past where pax reviewing their accts on (dedicated) PCs in ACs did not log-out, leaving their accts vulnerable for "fraud". [Less likely now since most pax have iphones, ipads etc.]
(2)If ones iPhone, ipad is not on a secure connection their AA accts are vulnerable for pilferage.
(3)A hacker can get into AAs system from the "backdoor" and loot accts. [BA had an issue where their database was compromised]
(2)If ones iPhone, ipad is not on a secure connection their AA accts are vulnerable for pilferage.
(3)A hacker can get into AAs system from the "backdoor" and loot accts. [BA had an issue where their database was compromised]
#517
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,417
Someone booked a one-way award using my account, just before the flight took off. Talked to the AAdvantage customer service and they took all the details of the incident.
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
IMO it should have been considered suspicious that the person managed to book the flight right before departure using an account with a different name when you and your credit card weren't present, with no obvious connection to you (address, last name, etc.). What was the route?
#518
Join Date: Jul 2016
Posts: 152
IMO it should have been considered suspicious that the person managed to book the flight right before departure using an account with a different name when you and your credit card weren't present, with no obvious connection to you (address, last name, etc.). What was the route?
#519
FlyerTalk Evangelist
Join Date: May 2004
Location: DFW/DAL
Programs: AA Lifetime PLT, AS MVPG, HH Diamond, NCL Platinum Plus, MSC Diamond
Posts: 21,422
Someone booked a one-way award using my account, just before the flight took off. Talked to the AAdvantage customer service and they took all the details of the incident.
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
Has this happened to anyone in the forum? What did AA do? Find the guy (his passport number is in the flight info) and see if he did it himself or bought the flight from someone else? Reinstate the miles? Should I try to find the person online? Should I work with an attorney or report him to the FBI cyber crime division?
Thanks in advance for any advise
#524
Join Date: Nov 2007
Programs: several:)
Posts: 34
#525
Join Date: Nov 2007
Programs: several:)
Posts: 34
IMO it should have been considered suspicious that the person managed to book the flight right before departure using an account with a different name when you and your credit card weren't present, with no obvious connection to you (address, last name, etc.). What was the route?