Mar 27, 2015, 9:09 am
Last edit by: corporate-wage-slave
If you are new to this thread, please read this wiki before posting a question.
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
It's here to summarise what we know so far. It will save you the trouble of skim-reading the whole thread and should only take a minute to read. Thanks!
The very short version is:
If all your BA Avios have vanished, don't panic. They have probably been temporarily frozen by BA, not stolen by hackers.
British Airways have issued an FAQ on the issue:
http://www.britishairways.com/travel...s?p_faqid=5249
Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.
As of 17 hrs BST 30 March 2015, some members of FT have seen their Avios returned, as an equal Ex-Gratia credit to their account.
BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it's clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).
Can I fix it myself?
Not at this stage. Early posts described a two part process but that no longer works, perhaps because there were too many cases. It will be necessary to reset your password if you are affected. After that you can login to your account, but at the moment those affected will still see zero Avios. Tier Points are unaffected by this incident.
Do I need to reset my password?
If you can't get into BA.com then yes. There seems to be two ways to do this:
1) If you received the email in post 181 above, follow the link to generate a new password. Note that you should double check that this is the precise same email shown in the link. There is a facility to view this email in a browser, top right, this is hosted by ed4.net
2) On the front page of BA.com -- when not logged in -- there is a "Forgotten PIN/Password" option. This should send an email to your registered account and from there you can reset your password.
There are, however, many reports of option 2 not working, although it is working for some BAEC members on some occasions. As always, check your spam box. If you can't get it to work, you can telephone the call centre (service centre) and after asking additional questions to verify identity, they can generate the email too.
I haven't received the email but I have been locked out / zero'd, what should I do?
Try to reset your password as above, and you could ring BA to find out if you need to take additional action. However the chances are that at the moment you will need to wait at least a few days until the situation becomes clearer.
I haven't been blocked, do I need to do anything?
No. But if you are worried you can reset your password inside BAEC, just go to My Executive Club / Manage My Account / Update My Personal Information / Login Details. However with so many BAEC members inhibited in making bookings at the moment, now may be a good time to take advantage of unclaimed availability.
Have other Avios partners been hit by this?
Yes, Iberia have been, Avios.com apparently not.
How do I look for or book redemptions?
If you have been zero'd then the Book with Avios or Money tab on the left side of My Executive Club may be blocked. However, you can at least check availability via Executive Club / Reward Flights / Book a Reward Flight. BAEC call centre staff are able to book redemptions for you. Remember to check that any booking fee is waived (hopefully they will do this without prompting). In other cases call centre staff have offered to put a redemption booking on "hold" pending the resolution of this issue. Alternatively if you have an Avios.com account with Avios already available there, then this maybe another way of handling this matter.
Statement of March 28 by AwardWallet.com : https://awardwallet.com/forum/viewtopic.php?f=16&t=6616&sid=28d901e85aafebb62044 609dc1a1ae7b
27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia')
Mar 31, 2015, 4:06 am
#811
Join Date: Apr 2007
Location: AMS
Programs: A number, but no status no more
Posts: 3,049
Hi,
Well, I can give you the story of this lowly blue.
- Last week, noticed my zero balance.
- Changed my password.
- Today, tried to login, my password wouldn't work.
- Did the reset link, and in the reset email I saw my correct Avios balance.
- Reset my password, and all is well.
In the meantime, communications from BA: 0
Cheers,
GenevaFlyer
- Last week, noticed my zero balance.
- Changed my password.
- Today, tried to login, my password wouldn't work.
- Did the reset link, and in the reset email I saw my correct Avios balance.
- Reset my password, and all is well.
In the meantime, communications from BA: 0
Cheers,
GenevaFlyer
Mar 31, 2015, 4:25 am
#812
Ambassador, British Airways Executive Club, easyJet and Ryanair
Join Date: Sep 2011
Location: UK/Las Vegas
Programs: BA Gold (GGL/CCR)
Posts: 15,923
I haven't read the entire thread, but are there many reports of people actually having avios stolen / used for redemptions by unauthorised access ?
Given there are not many ways of emptying an avios account other than redemptions /combining, it doesn't seem the best FFP to target. The only option is to redeem. One assumes the idea would be to "sell" compromised accounts to people that were flying within the next few days.
Given there are not many ways of emptying an avios account other than redemptions /combining, it doesn't seem the best FFP to target. The only option is to redeem. One assumes the idea would be to "sell" compromised accounts to people that were flying within the next few days.
Mar 31, 2015, 4:40 am
#813
Join Date: May 2005
Location: EUR
Programs: FB Plat./BA Gold (thanks BD)/A3 *Gold/HH Diamond/A Club Gold
Posts: 918
Had the heart attack moment yesterday morning, called them (French number, probably in India somewhere), they had no idea and had not heard of any particular issues.
Today my miles are back.
Aaahhh.
Today my miles are back.
Aaahhh.
Mar 31, 2015, 5:12 am
#814
Join Date: Feb 2002
Location: UK
Posts: 802
I tried to change the registered email address to another mailbox to see if that would help, but that page rejects the first line of my home address as invalid
. Has anyone succeeded is doing this?
Mar 31, 2015, 5:30 am
#815
Join Date: Oct 2009
Location: London
Posts: 878
I had my account locked like many others. I was able to change the password and saw that my Avios balance was down to zero. Today in the morning I checked again and my balance is restored.
Well a couple of hours ago I received an email from BA; I think it was the standard email everyone received about the incident. I logged in again and everything is fine. Not looking great on BA.
Well a couple of hours ago I received an email from BA; I think it was the standard email everyone received about the incident. I logged in again and everything is fine. Not looking great on BA.
Mar 31, 2015, 6:57 am
#816
Join Date: Dec 2012
Location: Philadelphia
Programs: HH Diamond, IHG Plat, SPG & Marriott Gold, CC Silver
Posts: 541
We can't even get that far. The password reset email doesn't arrive, despite other emails from BA to the same address arriving.
I tried to change the registered email address to another mailbox to see if that would help, but that page rejects the first line of my home address as invalid. Has anyone succeeded is doing this?
I tried to change the registered email address to another mailbox to see if that would help, but that page rejects the first line of my home address as invalid
. Has anyone succeeded is doing this?Award Wallet appears to be showing a partial refund of my Avios, but I can't login from Award Wallet, so not sure if that's right. If so, BA has only refunded my recent transfer from Amex, but not the Avios I already had in the account before the transfer.
ETA: I've not received any emails of any kind from BA on this.
Mar 31, 2015, 7:40 am
#817
Join Date: Oct 2006
Location: Okinawa
Posts: 2,611
So I had 81,000 of my points taken. Tweeted BA through the weekend, like others my points are back in my account, but this is hilarious. I literally just got the first email in this whole process from BA:
I had already reset my password, etc...
British Airways has become aware of some unauthorised activity in relation to your Executive Club account.
This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.
We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.
We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.
Please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.
Once again we are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.
British Airways Executive Club team
This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.
We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.
We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.
Please visit the British Airways website and follow the "Forgotten PIN/Password?" link, which can be found in the top right hand corner of our main home page.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.
Once again we are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.
British Airways Executive Club team
Mar 31, 2015, 7:53 am
#818
Join Date: Jan 2010
Posts: 126
Mar 31, 2015, 8:27 am
#819
Join Date: Aug 2009
Location: RDU
Programs: A few
Posts: 5,499
I had one email this morning for one of the five accounts affected.
Email never mentioned anything about how the points balance had been zeroed out.
It's been a while since I've hung out in the BAEC forum but had almost forgotten how comically apologetic some of you are for your great mothership. But their handling of this debacle has been nothing short of appalling.
Of course I am sure they sent out detailed emails to all the other accounts, they just went to my spam or I deleted them or something....
Email never mentioned anything about how the points balance had been zeroed out.
It's been a while since I've hung out in the BAEC forum but had almost forgotten how comically apologetic some of you are for your great mothership. But their handling of this debacle has been nothing short of appalling.
Of course I am sure they sent out detailed emails to all the other accounts, they just went to my spam or I deleted them or something....
Mar 31, 2015, 8:56 am
#821
Suspended
Join Date: Jan 2004
Location: UK
Posts: 11,969
I don't bleedin' believe it! 
I've just received 7 emails for each of the HHA accounts including me and the wife's warning me that "British Airways has become aware of some unauthorised activity in relation to your Executive Club account........" timed at 14:14 today .....
You couldn't make it up.
I've just received 7 emails for each of the HHA accounts including me and the wife's warning me that "British Airways has become aware of some unauthorised activity in relation to your Executive Club account........" timed at 14:14 today .....
You couldn't make it up.
Mar 31, 2015, 9:13 am
#823
Join Date: Nov 2011
Location: London
Programs: BA Gold
Posts: 4,028
I had one email this morning for one of the five accounts affected.
Email never mentioned anything about how the points balance had been zeroed out.
It's been a while since I've hung out in the BAEC forum but had almost forgotten how comically apologetic some of you are for your great mothership. But their handling of this debacle has been nothing short of appalling.
Of course I am sure they sent out detailed emails to all the other accounts, they just went to my spam or I deleted them or something....
Email never mentioned anything about how the points balance had been zeroed out.
It's been a while since I've hung out in the BAEC forum but had almost forgotten how comically apologetic some of you are for your great mothership. But their handling of this debacle has been nothing short of appalling.
Of course I am sure they sent out detailed emails to all the other accounts, they just went to my spam or I deleted them or something....
As was pointed out to you yesterday when you were insisting them saying that the sending of emails was "a blatant lie" (your words), nobody has been an apologist and everyone has said the handling has been terrible.
I would love to know how their email system works. One of the things I'm ultimately responsible for at work our various email systems, and talking to my guy who manages our bulk mailer (who is still waiting for his first email about this from BA), neither of us can understand how it's taken them so long to process these mails. But I suspect the vagueries of BA's IT are a mystery to all, including BA
Mar 31, 2015, 9:18 am
#824
Join Date: Mar 2012
Location: BHX
Programs: BA GGL CCR GfL, SQ Gold, Hyatt Glob, HH Diamond, Marriott Plat, Cafe Nero Loyalty Card (7 Stamps)
Posts: 7,328
As was pointed out to you yesterday when you were insisting them saying that the sending of emails was "a blatant lie" (your words), nobody has been an apologist and everyone has said the handling has been terrible.
I would love to know how their email system works. One of the things I'm ultimately responsible for at work our various email systems, and talking to my guy who manages our bulk mailer (who is still waiting for his first email about this from BA), neither of us can understand how it's taken them so long to process these mails. But I suspect the vagueries of BA's IT are a mystery to all, including BA
I would love to know how their email system works. One of the things I'm ultimately responsible for at work our various email systems, and talking to my guy who manages our bulk mailer (who is still waiting for his first email about this from BA), neither of us can understand how it's taken them so long to process these mails. But I suspect the vagueries of BA's IT are a mystery to all, including BA
Mar 31, 2015, 9:22 am
#825
Suspended
Join Date: Jan 2004
Location: UK
Posts: 11,969
I would love to know how their email system works. One of the things I'm ultimately responsible for at work our various email systems, and talking to my guy who manages our bulk mailer (who is still waiting for his first email about this from BA), neither of us can understand how it's taken them so long to process these mails. But I suspect the vagueries of BA's IT are a mystery to all, including BA
BA is a very caring company and want to look after their passengers and they knew how upset I'd be when given this news. Most people don't check all their banking accounts and FF accounts every day do they, so it was a good call.
So they waited until after they had sorted it all out and then sent them. Very thoughtful. Or perhaps they are just over their monthly broadband limit.
