Mar 27, 2015, 9:09 am
Last edit by: corporate-wage-slave
If you are new to this thread, please read this wiki before posting a question.
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia')
Mar 30, 2015, 2:21 pm
#752
Join Date: Aug 2011
Location: UK
Posts: 452
27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia')
I am happy that all my Avios are back (must admit quicker than I was expected).
However, like many others, I have 'so far' received no communication/email regarding this at all.
To sum up, BA locked my account, taken my Avios without informing me and then quietly returned my Avios within 3 days.
However, like many others, I have 'so far' received no communication/email regarding this at all.
To sum up, BA locked my account, taken my Avios without informing me and then quietly returned my Avios within 3 days.
Mar 30, 2015, 2:31 pm
#753
Join Date: Jul 2013
Location: West Sussex
Programs: BA Gold
Posts: 897
I am happy that all my Avios are back (must admit quicker than I was expected).
However, like many others, I have 'so far' received no communication/email regarding this at all.
To sum up, BA locked my account, taken my Avios without informing me and then quietly returned my Avios within 3 days.
However, like many others, I have 'so far' received no communication/email regarding this at all.
To sum up, BA locked my account, taken my Avios without informing me and then quietly returned my Avios within 3 days.
Dear Bleachy
Following our recent communication about some unauthorised activity in relation to your Executive Club account, we are pleased to inform you that we have completed our internal audit of your account.
We are continuing to investigate this incident, which we understand was the result of a third party using information obtained elsewhere on the internet to gain access to Executive Club accounts.
At this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We also do not believe, at this stage, that any Avios have been removed from your account, so we have now lifted the precautionary suspension on your account and you are free to use it as you wish.
However, if you haven't yet changed your password as a result of last Friday's email from British Airways, please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
We would recommend that you continue to be vigilant about any unusual or suspicious use of your personal data.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts.
We are sorry for the concern and inconvenience this matter has caused you and would like to reassure you that we are continuing to take this incident seriously.
British Airways Executive Club team
Following our recent communication about some unauthorised activity in relation to your Executive Club account, we are pleased to inform you that we have completed our internal audit of your account.
We are continuing to investigate this incident, which we understand was the result of a third party using information obtained elsewhere on the internet to gain access to Executive Club accounts.
At this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We also do not believe, at this stage, that any Avios have been removed from your account, so we have now lifted the precautionary suspension on your account and you are free to use it as you wish.
However, if you haven't yet changed your password as a result of last Friday's email from British Airways, please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
We would recommend that you continue to be vigilant about any unusual or suspicious use of your personal data.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts.
We are sorry for the concern and inconvenience this matter has caused you and would like to reassure you that we are continuing to take this incident seriously.
British Airways Executive Club team
Mar 30, 2015, 2:43 pm
#754
Join Date: Aug 2011
Location: UK
Posts: 452
I got the following email this evening
Quote:
Dear Bleachy
Following our recent communication about some unauthorised activity in relation to your Executive Club account, we are pleased to inform you that we have completed our internal audit of your account.
We are continuing to investigate this incident, which we understand was the result of a third party using information obtained elsewhere on the internet to gain access to Executive Club accounts.
At this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We also do not believe, at this stage, that any Avios have been removed from your account, so we have now lifted the precautionary suspension on your account and you are free to use it as you wish.
However, if you haven't yet changed your password as a result of last Friday's email from British Airways, please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
We would recommend that you continue to be vigilant about any unusual or suspicious use of your personal data.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts.
We are sorry for the concern and inconvenience this matter has caused you and would like to reassure you that we are continuing to take this incident seriously.
British Airways Executive Club team
Quote:
Dear Bleachy
Following our recent communication about some unauthorised activity in relation to your Executive Club account, we are pleased to inform you that we have completed our internal audit of your account.
We are continuing to investigate this incident, which we understand was the result of a third party using information obtained elsewhere on the internet to gain access to Executive Club accounts.
At this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We also do not believe, at this stage, that any Avios have been removed from your account, so we have now lifted the precautionary suspension on your account and you are free to use it as you wish.
However, if you haven't yet changed your password as a result of last Friday's email from British Airways, please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
We would recommend that you continue to be vigilant about any unusual or suspicious use of your personal data.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts.
We are sorry for the concern and inconvenience this matter has caused you and would like to reassure you that we are continuing to take this incident seriously.
British Airways Executive Club team
Mar 30, 2015, 3:18 pm
#757
Join Date: Feb 2002
Location: UK
Posts: 802
Despite many attempts to reset 4 passwords none have so far resulted in an email. I have even tried standing on one leg with one hand on my head as suggested by UK1. Still nothing but have now recieved this from BA
**************
Thank you for letting us know about the difficulties you’re experiencing trying to change your password.
It should be fast and easy to do this online, so I’m very sorry it’s not worked like this for you. It is unusual for this to happen and thankfully the majority of our Members don’t have any problems. I appreciate this is little consolation for the frustration you have experienced.
I'm afraid I haven't been able to fix this for you at the moment, and I've reported the problem to our systems team who have started working on a solution to correct this.
I'll contact you again as soon as we have an update from them, but you're welcome to keep trying in the meantime.
Please accept our apologies for any inconvenience this may cause, and thank you for your patience. If we can help with anything else please get in touch and we will be happy to help.
If you would like to contact me again about this case please click on this link:
**************
am I unique? has anyone else had this email?
**************
Thank you for letting us know about the difficulties you’re experiencing trying to change your password.
It should be fast and easy to do this online, so I’m very sorry it’s not worked like this for you. It is unusual for this to happen and thankfully the majority of our Members don’t have any problems. I appreciate this is little consolation for the frustration you have experienced.
I'm afraid I haven't been able to fix this for you at the moment, and I've reported the problem to our systems team who have started working on a solution to correct this.
I'll contact you again as soon as we have an update from them, but you're welcome to keep trying in the meantime.
Please accept our apologies for any inconvenience this may cause, and thank you for your patience. If we can help with anything else please get in touch and we will be happy to help.
If you would like to contact me again about this case please click on this link:
**************
am I unique? has anyone else had this email?
I've reset my password, but no email is forthcoming for Mrs em's.
Mar 30, 2015, 3:28 pm
#759
Join Date: Sep 2011
Location: BOS
Posts: 519
"This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts.
Was there a list of BAEC account numbers out there and someone was trying to brute force? Where is this "elsewhere on the internet"? Why do they believe that? Why was my account, with its strong, unique password targeted for being locked out?
Anything less than full disclosure is unacceptable in this day and age.
Mar 30, 2015, 3:29 pm
#760
Join Date: Jan 2009
Location: LUX
Programs: BA Gold GGL, Hilton Diamond, FB Grey, Amex MR, Trop Plus Gold
Posts: 851
Mine are back, too, with the associated email, which was in line with the assertion from the GGL line that "you will have them back by Monday evening at the latest, and if there's anything we can do for you in the meantime regarding redemptions, we'll do it over the phone, where we have full access to your avios"
Mar 30, 2015, 4:40 pm
#764
Join Date: Dec 2007
Location: LON BCN SYD
Programs: BA, OZ, A3, VA, VS, DL, QF, former BD and others
Posts: 1,074
Mine are back - for mine and the other family member's accounts - we received the same email as others. The app works for me too.
The booking I have made is still not ticketed, but they said they would call to confirm this.
I just signed up to Award Wallet (had been using Superfly but not impressed with it) and Award Wallet works for me too.
The booking I have made is still not ticketed, but they said they would call to confirm this.
I just signed up to Award Wallet (had been using Superfly but not impressed with it) and Award Wallet works for me too.
Mar 30, 2015, 4:42 pm
#765
Join Date: Jul 2007
Location: Berlin
Programs: BA Gold; Accor Plat; IHG Diamond-Amb; Meliá & HH & Marriott Gold
Posts: 5,450
I agree that BA has handled many aspects of this debacle quite appallingly. I also agree that full disclosure, or something as close to full disclosure as possible without being reckless, is required as soon as possible (again without being reckless).
But in the short term is it not conceivable that some of what BA isn't saying is better not said? I'm prepared to give BA the benefit of the doubt -- on that specific aspect of this affair -- for a few more days.
But in the short term is it not conceivable that some of what BA isn't saying is better not said? I'm prepared to give BA the benefit of the doubt -- on that specific aspect of this affair -- for a few more days.