300,000 miles stolen from my Avios BA account

Reply Subscribe

Thread Tools

Search this Thread

Jan 17, 2017, 10:01 am

#16

HIDDY

A FlyerTalk Posting Legend

Join Date: Aug 2006

Location: Argentina

Posts: 40,210

Russians at it again....does Trump have a hotel in Hungary?

Jan 17, 2017, 10:25 am

#17

yorweb

Join Date: Oct 2004

Location: York

Programs: Falconflyer Gold

Posts: 485

Seems to me there is a lack of security safeguards here because if there was a booking on the account, surely this should have generated an email to the account holder as a booking confirmation. I appreciate the hacker could have changed the user's email address but that action should have also generated an email to the original email address.

Jan 17, 2017, 10:51 am

#18

AAtticus

Join Date: Dec 2013

Programs: QRPC Platinum, KFEG

Posts: 999

I can't believe BA still haven't implemented two factor authentication yet.

Jan 17, 2017, 11:09 am

#19

Getafix

Join Date: Jul 2008

Location: London

Programs: BA Blue, Hyatt, Marriot, HHonors

Posts: 378

Avoid having the same Username/Password Combination on different websites. As soon as one account is hacked, chances are many more will be.

Jan 17, 2017, 11:10 am

#20

jamesreid978

Join Date: Oct 2013

Location: Dubai

Programs: BAEC Gold

Posts: 396

Quote:

Originally Posted by Concerto

I do hope this gets sorted out. Frequent traveller accounts seem to be particularly prone to this these days. I keep an eye on mine at least twice a week. Watch out for your IHG Rewards accounts too, with their silly 1980s four digit passwords.

My IHG got hacked on Boxing Day, had just over 500,000 points spent on iTunes vouchers. I got them all back last week and a new account, thankfully. Their password system is shocking, only 10,000 combinations.

Jan 17, 2017, 11:51 am

#21

markle

Join Date: Jul 2009

Posts: 561

If you use a web-accessible email (e.g. gmail), I'd also strongly encourage you to set up two-factor authentication - more info at https://www.google.com/landing/2step/

If someone gets into your email they can very easily get information such as your exec card number (and other FT programmes), giving them a treasure trove of information to exploit. They can also easily perform password resets on these accounts and very quickly cover their tracks by deleting notifications.

Jan 17, 2017, 12:12 pm

#22

SanDiego1K

Community Director Emerita

Join Date: Oct 2000

Location: Anywhere warm

Posts: 33,745

I'm so sorry to hear about this. What a shock.

I use AwardWallet and check my balances every day. It's an early warning system should any of my points accounts get hacked.

Jan 17, 2017, 12:25 pm

#23

ppp909

Join Date: May 2014

Posts: 740

Quote:

Originally Posted by AAtticus

I can't believe BA still haven't implemented two factor authentication yet.

I can believe it. They're not renowned for having cutting edge IT. They should have done this instead of the terrible web site refresh.

Jan 17, 2017, 12:47 pm

#24

obduro

Join Date: Feb 2015

Location: London

Programs: BAEC Silver, SPG Gold, Hilton Gold, Melia Gold, Shangri-La Jade, BA Amex PP, Iberia+, Nandos Card

Posts: 1,523

Quote:

Originally Posted by markle

If someone gets into your email they can very easily get information such as your exec card number (and other FT programmes), giving them a treasure trove of information to exploit. They can also easily perform password resets on these accounts and very quickly cover their tracks by deleting notifications.

This happened to me - hackers got my Amex details and email address and casually deleted nine confirmation emails about PlayStations and Xboxes they had ordered from my inbox...

if there is an option for TFA on your email, it is worth the minor inconvenience. Do it.

Jan 17, 2017, 1:44 pm

#25

CloudGazer

Join Date: Oct 2015

Location: London

Programs: BAEC Gold, Hotels.com Gold

Posts: 576

Quote:

Originally Posted by AAtticus

I can't believe BA still haven't implemented two factor authentication yet.

This.

Jan 17, 2017, 4:32 pm

#26

Concerto

FlyerTalk Evangelist

Join Date: Feb 2002

Location: Montreux CH

Programs: FB Platinum, M&M FTL, BA Blue

Posts: 11,620

Quote:

Originally Posted by corporate-wage-slave

I am glad I'm not alone in my views on that.

I think even a monkey would agree with you. My opinion about the internet, anyway, is that it's totally crap technology that a child of 3 could hack. We desperately need something new.

Jan 17, 2017, 5:27 pm

#27

ShuttleRunner

Join Date: Jul 2016

Location: London

Programs: BA LtG, Flying Blue Plat

Posts: 274

It has happened to me too before, I wouldn't say that my password was weak or used by me on other websites, it's just one of those things. I keep my Avios between BA/IB and the Avios website incase it happens again and I need a last minute redemption or priority award.

Jan 17, 2017, 10:37 pm

#28

agehall

Join Date: Oct 2009

Location: ARN

Programs: SK EBG, BAEC Gold, LH FTL, FBP, CCG, HH Diamond

Posts: 1,533

Quote:

Originally Posted by Flyiboy

Sorry to hear this.. It is scary. This is why I change my password once a month. It may sound a bit on the OCD side but it works for me...

Absolutely no need to do that. Just use strong passwords and change them maybe once a year.

Quote:

Originally Posted by AAtticus

I can't believe BA still haven't implemented two factor authentication yet.

I agree. Is there any airline/hotel chain that has done this yet?

Jan 17, 2017, 11:09 pm

#29

Bretteee

Original Poster

Join Date: Dec 2001

Posts: 3,181

Quote:

Originally Posted by HIDDY

Russians at it again....does Trump have a hotel in Hungary?

LOL well at least sounds East Europeanish to me. Some Hungarian chain hotel in some resort town I never heard of. It seems they use miles for hotel stays a lot; not for air travel.

The hotel only charges $47 a night. 300,000 miles must have bought them quite a few rooms or they spent a long time there. They must have invited the whole family; aunts, uncles, cousins, grandmas, grandpas.