Avios hacked
#16
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,705
I received a "please change passwords" note from Accor, but not (yet) from BA, my Accor credits are not sent or linked to BA (Accor's scheme is so dreadful it's frankly not worth the effort). Hilton is also beefing up its password requirements, but that's be so long in the making that I don't think that is related.
#17
Join Date: Mar 2011
Location: Switzerland
Programs: Accor Plat, SPG Gold, MR Silver, BA Gold, DL Silver, Amex Plat (IDC)
Posts: 150
I guess I will change my accor password too (didn't know I can connect it to ba... )
#18
Join Date: May 2012
Location: Londondinium
Programs: BAEC Sludge
Posts: 96
I got the same email tonight but my account was hacked last week. I was assuming this was the resolution but are you suggesting this is a dodgy email?
#19
Join Date: Mar 2011
Location: Switzerland
Programs: Accor Plat, SPG Gold, MR Silver, BA Gold, DL Silver, Amex Plat (IDC)
Posts: 150
I don't think it was a dodgy email, but i didn't click on the link in the mail, i did open ba.com from my browser and had to ask for a new password to be able to login.
#20
Formerly known as newbie elite
Join Date: Feb 2002
Location: YUL
Programs: IHG Diamond Ambassador, Accor Platinum, AC50K
Posts: 2,921
I received a "please change passwords" note from Accor, but not (yet) from BA, my Accor credits are not sent or linked to BA (Accor's scheme is so dreadful it's frankly not worth the effort). Hilton is also beefing up its password requirements, but that's be so long in the making that I don't think that is related.
But this is just speculation on my part.
#21
Join Date: May 2004
Location: UK
Programs: BA Silver, LH Blue, HH Gold, SPG Gold, Priority Club Gold,Amex Platinum
Posts: 342
My wife had exactly the same email last night. Very rarely logs into her account and doesn't store the password with any third-party websites.
#22
Join Date: Nov 2012
Programs: BAEC Gold
Posts: 130
I got the same email last night, after my account was placed into audit two days ago. Seems odd it happened at the same time i tried to log in to use some avios - maybe they thought my IP was unusual (DXB based) but i use it all the time. Nothing was stolen or used according to the email.
#23
Formerly known as newbie elite
Join Date: Feb 2002
Location: YUL
Programs: IHG Diamond Ambassador, Accor Platinum, AC50K
Posts: 2,921
For those that got the email, how long did it take to get the password reset email after you provided your BA ID? I ask because it has been a little while and no further email from BA to complete the reset process. I would assume that since I got the original email saying my account was locked that the odds of the hacker having changed my email address is slim!
My Amex account was locked as well to add another data point. Partly my fault, I have strong, random passwords for my banking and 2-factor authentication on my email, but these accounts had the same (or similar) passwords. I should have known better but was just lazy...
My Amex account was locked as well to add another data point. Partly my fault, I have strong, random passwords for my banking and 2-factor authentication on my email, but these accounts had the same (or similar) passwords. I should have known better but was just lazy...
#24
Join Date: Jan 2003
Location: between DCA and BWI
Programs: SPG Gold, Hyatt Plat, UA Premier, Hilton Gold
Posts: 3,652
Yeah, same here. Received an email from BA regarding account being compromised, attempted to reset the password through the site - and then nothing...
Seems like their password reset functionality is either extremely slow, or is not functioning at all. Will try calling later.
Seems like their password reset functionality is either extremely slow, or is not functioning at all. Will try calling later.
For those that got the email, how long did it take to get the password reset email after you provided your BA ID? I ask because it has been a little while and no further email from BA to complete the reset process. I would assume that since I got the original email saying my account was locked that the odds of the hacker having changed my email address is slim!
My Amex account was locked as well to add another data point. Partly my fault, I have strong, random passwords for my banking and 2-factor authentication on my email, but these accounts had the same (or similar) passwords. I should have known better but was just lazy...
My Amex account was locked as well to add another data point. Partly my fault, I have strong, random passwords for my banking and 2-factor authentication on my email, but these accounts had the same (or similar) passwords. I should have known better but was just lazy...
#25
Join Date: Jun 2002
Location: London, UK
Programs: BA Gold(OWE), QF LTG, MR Plat, IHG Spire, Hertz PC
Posts: 8,156
If BA actually *understood* security, rather than provide a link they would simply ask users to go to the website.
#26
Formerly known as newbie elite
Join Date: Feb 2002
Location: YUL
Programs: IHG Diamond Ambassador, Accor Platinum, AC50K
Posts: 2,921
Actually, sending a link to a verified email address is a better solution than letting people change passwords directly on the website IMO. Like that the hacker cannot lock the user out of their own account by changing the password, unless they have access to the users email. If email is compromised then the point is moot.
#27
Join Date: Jan 2013
Location: YVR
Programs: Aeroplan, British Airways, Alaska
Posts: 249
I think it's time to change my password...
#28
Join Date: Jul 2013
Programs: QFF Silver, BA Blue, GF Silver, 3V Emerald
Posts: 141
Yeah, same here. Received an email from BA regarding account being compromised, attempted to reset the password through the site - and then nothing...
Seems like their password reset functionality is either extremely slow, or is not functioning at all. Will try calling later.
Seems like their password reset functionality is either extremely slow, or is not functioning at all. Will try calling later.
#29
Join Date: Nov 2012
Programs: BAEC Gold
Posts: 130
Me three. Been over 24 hours since I clicked on the reset request and still nothing.
#30
Join Date: Feb 2015
Location: UK
Programs: BAEC GGL
Posts: 10
After verification I was then able to use the online password reset functionality (password reset email arrived seconds after the request was made). This allowed me access to my account again
The agent I spoke to alluded to it being a widespread issue across numerous BAEC accounts
I double checked my linked email account for any unusual activity. There was nothing unexpected, so I doubt my email account had been compromised