Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > British Airways | Executive Club
Reload this Page >

Executive Club [Account] Hacked... what's next?

Executive Club [Account] Hacked... what's next?

Old Jun 22, 17, 1:06 pm
  #1  
Original Poster
 
Join Date: Aug 2015
Location: Amsterdam
Programs: Hilton Honors Diamond, BA Silver
Posts: 237
Executive Club [Account] Hacked... what's next?

I've done the obvious (ie. call BA, account blocked).

Has anyone else had this happen to them? If so - is this process quite straight forward and pain free?
CarefreeBA is offline  
Old Jun 22, 17, 1:09 pm
  #2  
 
Join Date: Feb 2010
Location: London
Programs: BA GGL (98% to Lifetime Gold), SPG convert from IHG (and Marriott fan now!)
Posts: 4,826
Originally Posted by james_yuen View Post
I've done the obvious (ie. call BA, account blocked).

Has anyone else had this happen to them? If so - is this process quite straight forward and pain free?
sorry to hear. Believe your account may get put into audit and won't be able to make redemptions until resolved. Out of interest was there a redemption made? Seem to recall a Russian angle to many previous reports
lorcancoyle is offline  
Old Jun 22, 17, 1:16 pm
  #3  
Original Poster
 
Join Date: Aug 2015
Location: Amsterdam
Programs: Hilton Honors Diamond, BA Silver
Posts: 237
Originally Posted by lorcancoyle View Post
sorry to hear. Believe your account may get put into audit and won't be able to make redemptions until resolved. Out of interest was there a redemption made? Seem to recall a Russian angle to many previous reports
Yes, a redemption was made (I won't disclose any details for now). I'm not in a rush to make any redemptions so that's fine.
CarefreeBA is offline  
Old Jun 22, 17, 1:25 pm
  #4  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 15,920
Just be prepared to be patient. This has been reported here a few times. It may take a few weeks, but it will get sorted eventually.
DYKWIA is offline  
Old Jun 22, 17, 1:37 pm
  #5  
 
Join Date: Mar 2014
Location: BOS/MAN
Programs: BAEC Gold
Posts: 168
I'd recommend changing your passwords, especially any that may have been the same or similar to your BAEC account. Always a good idea to change your email password as well, just in case. Hope this is resolved quickly for you.
ObscuredByClouds is offline  
Old Jun 22, 17, 1:41 pm
  #6  
 
Join Date: Aug 2012
Location: BHD
Posts: 133
My account was hacked a couple of years ago with a few Russian redemptions made. I had to make a few calls to BA before someone actually took ownership and did something about it. One of the booked flights was less than T-24...

It took about 6 weeks 33 days for the audit to take place. BA did say I could still make redemptions during that time but they had to be made by phone. (I don't know how true or easy that would have been as I didn't need to make any.) You can still earn avios during the audit...they are just debited out a day or so after they arrive. And all returned once the audit is complete.

Last edited by paul78; Jun 22, 17 at 1:51 pm
paul78 is offline  
Old Jun 22, 17, 1:55 pm
  #7  
 
Join Date: Feb 2007
Programs: BA Silver, Hilton Diamond
Posts: 278
Got done in February for over 700k Avios on a hotel booking in Budapest with some very dodgy Russian names on the reservation. Took 2 months to sort out got the Avios back but strangely the hotel booking didnt get cancelled! Seems to happen alot and the password was very complicated so hard to think it was compromised...
LeeT is offline  
Old Jun 22, 17, 1:58 pm
  #8  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 91,886
Originally Posted by ObscuredByClouds View Post
I'd recommend changing your passwords, especially any that may have been the same or similar to your BAEC account. Always a good idea to change your email password as well, just in case. Hope this is resolved quickly for you.
Definitely change the email password and also any accounts that might be discoverable from your email account. You'll need to watch everything carefully for a while.

Did you ever get an email notification that the password on your account was changed or were the scammers happy to use the passwords you selected?
MSPeconomist is offline  
Old Jun 22, 17, 2:31 pm
  #9  
formerly maskelo
 
Join Date: Feb 2008
Posts: 238
Originally Posted by MSPeconomist View Post
Definitely change the email password and also any accounts that might be discoverable from your email account. You'll need to watch everything carefully for a while.

Did you ever get an email notification that the password on your account was changed or were the scammers happy to use the passwords you selected?

+1 would be curious to know as well...and good luck on this rather annoying journey
bestuseofpoints is offline  
Old Jun 22, 17, 3:34 pm
  #10  
Original Poster
 
Join Date: Aug 2015
Location: Amsterdam
Programs: Hilton Honors Diamond, BA Silver
Posts: 237
Originally Posted by bestuseofpoints View Post
+1 would be curious to know as well...and good luck on this rather annoying journey
No. (Luckily?) My passwords for my email, Facebook etc are two-factor authentication (@BA: Maybe you could introduce this?) and they haven't touched anything else yet.

To everyone else: thanks for sharing your experiences. At least I have a time scale of how things would progress. When I called them up, they said 48 hours which I thought was too good to be true....
CarefreeBA is offline  
Old Jun 23, 17, 7:02 am
  #11  
 
Join Date: Sep 2015
Location: YYZ (ex-LHR)
Programs: BA Silver, VS Red, OZ Silver
Posts: 446
It happened to me. Hacker changed the account email address so I couldn't see anything. Called immediately.

Took a lifetime to get resolved, and when it was unlocked, I had to call again because the hacker changed the country to Norway and I couldn't change it back online.

Very friendly call centre agent remarked 'it's amazing what hackers can do nowadays'. I mentioned how it's not particularly difficult when something so valuable doesn't have two-factor authorisation.

I'm sure two-factor will come at some point around 2030. We'll get TSA-Precheck around that time, too.
Skatering is offline  
Old Jun 23, 17, 7:30 am
  #12  
 
Join Date: Aug 2012
Posts: 2,676
While I'd appreciate two factor - I'd really want it either a) with a good remember me function as per google's gmail or b) only at the point of purchase.

I login too often to be confronted by 'enter this value from sms/authenticator' every single time.

However, due to PCI compliance - I'm pretty sure a) couldn't be done without also doing b) anyway.
MPH1980 is offline  
Old Jun 23, 17, 8:25 am
  #13  
 
Join Date: Oct 2009
Location: ARN
Programs: SK EBG, BAEC Gold, LH FTL, FBP, CCG, HH Diamond
Posts: 1,533
Originally Posted by MPH1980 View Post
While I'd appreciate two factor - I'd really want it either a) with a good remember me function as per google's gmail or b) only at the point of purchase.

I login too often to be confronted by 'enter this value from sms/authenticator' every single time.

However, due to PCI compliance - I'm pretty sure a) couldn't be done without also doing b) anyway.
Not sure why PCI compliance would come into play when one increases security. Doesn't that mostly have to do with how you manage credit card information?

Anyhow, there are some 2FA solutions that are better than others. World of Warcraft has one of the best ones around if you ask me - it remembers you most of the time but when you do need to log in, you just have to click a button in the app on you phone to confirm your identity - no need to type any codes. Not sure why noone else has done that, but that is how you want it to work and I really wish BA would give us the option to use 2FA.
agehall is offline  
Old Jun 23, 17, 8:42 am
  #14  
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
 
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 48,236
Originally Posted by james_yuen View Post
No. (Luckily?) My passwords for my email, Facebook etc are two-factor authentication (@BA: Maybe you could introduce this?) and they haven't touched anything else yet.
Do you have a theory as to how the hackers got in to your account? For example is the password for BAEC used elsewhere? I agree that two factor is a better way to go.
corporate-wage-slave is offline  
Old Jun 23, 17, 9:58 am
  #15  
 
Join Date: Feb 2016
Posts: 3
Happened about 2 months ago - email change, which I was alerted to by email, but wanted to view the email in Outlook, rather than via via a mobile device to check that the links in it were valid...
Hack looks like they combined avios, and made hotel redemption to empty the account out.
Took just under 2 weeks to fully resolve and get accounts back under control.

If its an email change be really clear with them that it is an unauthorised change, and that you aren't in control of the email account its been changed to (and that therefore the change email form route is not appropriate).
Only then did it get escalated the following day when I could see that it had been emptied, and the account locked... And between the email reset being requested, the hotel redemption had been made too!

All points refunded, but only after going through "audit" process, and being crystal clear that family account members had not made the bookings.
The interesting question is what checks are made against the data/information supplied during the "change email address" form. Do they just need account number/email address to effect the change?
radders is offline  

Thread Tools
Search this Thread
Search Engine: