Last edit by: corporate-wage-slave
If you are new to this thread, please read this wiki before posting a question.
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia')
#166
Join Date: Feb 2009
Location: Chelsea
Programs: BA Gold
Posts: 1,227
#169
Join Date: Mar 2011
Location: Valencia, Spain
Programs: LH SEN, A3*G, BAEC Gold
Posts: 154
#171
Join Date: Dec 2013
Location: Ancaster, ON, Canada
Programs: BA Gold, IHG Plat, Hilton Gold
Posts: 487
I don't even know what Awardwallet is and my account is locked. I can't log in with number or username and the reset password doesn't work. It appears like I've never had an account with BA
#174
Join Date: May 2006
Location: Godalming, Surrey, UK.
Programs: Nowt of note.
Posts: 1,628
Another data point:
- Not an awardwallet user
- 4 inbound transactions to BAEC in March (though none flights)
- account not locked
- 2 inbound transactions to Iberia Plus in March, one of which was a flight
- I had to change PIN when logging in
- Avios are intact.
#175
Join Date: Jun 2011
Location: Around The World
Programs: ALL :)
Posts: 384
Now back to my regular scheduled misery of losing all my avios, and possibly having to stay on hold with BA for an entire day.
#176
Join Date: Nov 2012
Posts: 337
I had to reset my password to get into the account, and what to do now? doesn't sound like calling BA helps.
#177
Join Date: Mar 2007
Location: EWR-SEA-IAD
Programs: UA 1P MM, AS MVP G*, SPG Gold, Hyatt Plat, IHG Plat, Hilton Diamond, Marriott Gold
Posts: 977
And Bam...
We are not permitting you to make a reward booking with British Airways using your Avios. Either you have already received a communication from us to this effect, or you will shortly do so.
We are not permitting you to make a reward booking with British Airways using your Avios. Either you have already received a communication from us to this effect, or you will shortly do so.
#178
Join Date: Aug 2010
Location: Sheffield, UK
Programs: BA - Silver,Hilton-Diamond, IHG - PlatAmb, GHA - Plat
Posts: 766
Complete guess, but with BA's login still accepting numeric login ids, I wouldn't be surprised if ba.com has been subject to a brute force attack, with sequential numeric login id attempts with common passwords.
End game might be BA turning off BAEC number logins and forcing us to use usernames.
End game might be BA turning off BAEC number logins and forcing us to use usernames.
I for one am glad BA have taken this action to protect its customers, most companies who have a DDOS (Distributed Denial of Service for those non-techies), will just shutdown the website, or redirect to a holding page, but it looks like BA's threat management systems work, and are doing a grand job..
As a SysAdmin for corporate IT Systems, the password complexity on BA's website is shockingly lax, should really be set to min 8 Chars, Capital Letters, Lower Case, Numbers and Special Characters, and no straight dictionary words (thats asking for issues)
So dont blame BA IT for this.. ps i dont work for BA's IT Team..
#179
Suspended
Join Date: Mar 2002
Location: Canada, USA, Europe
Programs: UA 1K
Posts: 31,452
Just spoke with Gold line. Experience as many of you have had...many/most Gold/GGL accounts, especially those with high balances have been preventatively locked and set to zero to prevent fraud. Extra security questions, after which she sent me a password reset email (which has yet to arrive). Avois are correct on her screen but will likely show zero in external systems until sometime mid-next week. Phone bookings are available.
#180
FlyerTalk Evangelist
Join Date: Oct 2008
Posts: 11,565
I just got the email that was supposed to be sent out BEFORE they froze the accounts.
I just recalled however, that on the phone the woman told me I could choose the same password as before as the password was not the issue. Hmmmm.
I just recalled however, that on the phone the woman told me I could choose the same password as before as the password was not the issue. Hmmmm.