300,000 miles stolen from my Avios BA account
#17
Join Date: Oct 2004
Location: York
Programs: Falconflyer Gold
Posts: 485
Seems to me there is a lack of security safeguards here because if there was a booking on the account, surely this should have generated an email to the account holder as a booking confirmation. I appreciate the hacker could have changed the user's email address but that action should have also generated an email to the original email address.
#20
Join Date: Oct 2013
Location: Dubai
Programs: BAEC Gold
Posts: 396
My IHG got hacked on Boxing Day, had just over 500,000 points spent on iTunes vouchers. I got them all back last week and a new account, thankfully. Their password system is shocking, only 10,000 combinations.
#21
Join Date: Jul 2009
Posts: 561
If you use a web-accessible email (e.g. gmail), I'd also strongly encourage you to set up two-factor authentication - more info at https://www.google.com/landing/2step/
If someone gets into your email they can very easily get information such as your exec card number (and other FT programmes), giving them a treasure trove of information to exploit. They can also easily perform password resets on these accounts and very quickly cover their tracks by deleting notifications.
If someone gets into your email they can very easily get information such as your exec card number (and other FT programmes), giving them a treasure trove of information to exploit. They can also easily perform password resets on these accounts and very quickly cover their tracks by deleting notifications.
#23
Join Date: May 2014
Posts: 740
#24
Join Date: Feb 2015
Location: London
Programs: BAEC Silver, SPG Gold, Hilton Gold, Melia Gold, Shangri-La Jade, BA Amex PP, Iberia+, Nandos Card
Posts: 1,523
If someone gets into your email they can very easily get information such as your exec card number (and other FT programmes), giving them a treasure trove of information to exploit. They can also easily perform password resets on these accounts and very quickly cover their tracks by deleting notifications.
if there is an option for TFA on your email, it is worth the minor inconvenience. Do it.
#26
FlyerTalk Evangelist
Join Date: Feb 2002
Location: Montreux CH
Programs: FB Platinum, M&M FTL, BA Blue
Posts: 11,620
#27
Join Date: Jul 2016
Location: London
Programs: BA LtG, Flying Blue Plat
Posts: 274
It has happened to me too before, I wouldn't say that my password was weak or used by me on other websites, it's just one of those things. I keep my Avios between BA/IB and the Avios website incase it happens again and I need a last minute redemption or priority award.
#28
Join Date: Oct 2009
Location: ARN
Programs: SK EBG, BAEC Gold, LH FTL, FBP, CCG, HH Diamond
Posts: 1,533
I agree. Is there any airline/hotel chain that has done this yet?
#29
Original Poster
Join Date: Dec 2001
Posts: 3,181
LOL well at least sounds East Europeanish to me. Some Hungarian chain hotel in some resort town I never heard of. It seems they use miles for hotel stays a lot; not for air travel.
The hotel only charges $47 a night. 300,000 miles must have bought them quite a few rooms or they spent a long time there. They must have invited the whole family; aunts, uncles, cousins, grandmas, grandpas.
The hotel only charges $47 a night. 300,000 miles must have bought them quite a few rooms or they spent a long time there. They must have invited the whole family; aunts, uncles, cousins, grandmas, grandpas.