Exec Club account hacked - Avios gone
#16
Original Poster
Join Date: Mar 2012
Location: London, UK
Programs: BA Gold, Hilton Honors Lifetime Diamond
Posts: 69
Hi guys,
Just to report a very satisfactory outcome. BA took proactive action to lock my account, investigated and re-posted my Avios within 24 hours.
They also helpfully told me that 10 websites on which my email address had been registered had suffered data breaches, and that I can check the details on a website called haveibeenpwned.com. A lesson to never re-use passwords and to regularly change them I think!
Cheers,
Adam
#17
Join Date: Dec 2001
Posts: 1,034
I'm hoping that the wine transaction was halted and British Airways isn't losing out on this.
Here's a slightly awkward question @adamgilbride;
Had British Airways lost out financially, what would be the right way to deal with it? The Executive Club account wasn't breached because of a British Airways security failure but because you have used the same password and username on several different sites which is your security failure. Should you be compensating British Airways for their loss?
One thing I think British Airways should do is implement multifactor authentication so that those of us who wish to may use it to protect our accounts. I already protect my account with a unique email and a unique long random password but I still don't feel it's good enough.
#18
Join Date: Jan 2018
Location: London
Programs: BAEC Gold, Accor Live Limitless Gold, Hilton Honours Gold, Avis Preferred Plus
Posts: 1,806
One thing I think British Airways should do is implement multifactor authentication so that those of us who wish to may use it to protect our accounts. I already protect my account with a unique email and a unique long random password but I still don't feel it's good enough.
#19
Join Date: Oct 2015
Location: Vale of Glamorgan
Programs: BAEC Gold
Posts: 2,991
Realistically, though, there is little chance of BA introducing such security, and it is our responsibility to protect our accounts with strong and unique passwords. There is really no excuse now for anyone not being aware of the dangers of using the same email address and password on multiple websites.
#20
Join Date: Dec 2001
Posts: 1,034
* note that Qantas only supports SMS second factor authentication which is insecure and is no longer recommended by NIST. I've included Qantas because they've made some effort to improve security, even if it's not up to current standards. BA has made zero effort.
#22
Join Date: Oct 2015
Location: Vale of Glamorgan
Programs: BAEC Gold
Posts: 2,991
#23
Join Date: Dec 2013
Location: Near the Beach.
Posts: 202
I'm hoping that the wine transaction was halted and British Airways isn't losing out on this.
Here's a slightly awkward question @adamgilbride;
Had British Airways lost out financially, what would be the right way to deal with it? The Executive Club account wasn't breached because of a British Airways security failure but because you have used the same password and username on several different sites which is your security failure. Should you be compensating British Airways for their loss?
#24
Join Date: Dec 2013
Location: Near the Beach.
Posts: 202
Hi guys,
Just to report a very satisfactory outcome. BA took proactive action to lock my account, investigated and re-posted my Avios within 24 hours.
They also helpfully told me that 10 websites on which my email address had been registered had suffered data breaches, and that I can check the details on a website called haveibeenpwned.com. A lesson to never re-use passwords and to regularly change them I think!
Cheers,
Adam
#26
Join Date: Jan 2007
Posts: 100
If it's of any help to anyone I find it really helpful to use https://1password.com/ and have a different password for every account bar a few throw away ones. For certain sites I have bespoke email addresses that I only ever use with that supplier.
#27
Moderator: British Airways Executive Club
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
If it's of any help to anyone I find it really helpful to use https://1password.com/ and have a different password for every account bar a few throw away ones. For certain sites I have bespoke email addresses that I only ever use with that supplier.
#28
Join Date: Jan 2018
Location: London
Programs: BAEC Gold, Accor Live Limitless Gold, Hilton Honours Gold, Avis Preferred Plus
Posts: 1,806
If it's of any help to anyone I find it really helpful to use https://1password.com/ and have a different password for every account bar a few throw away ones. For certain sites I have bespoke email addresses that I only ever use with that supplier.
I’m with you on that. It’s a great product. I also maintain my own personal domain and can use any email address in front of the domain and everything comes into my inbox so I can choose different email addresses for any site if I want to. This also makes it really easy to mark stuff as junk based on the incoming email address.
#29
Join Date: Dec 2001
Posts: 1,034
No, it certainly wasn't the OP's fault that the password he used on a particular site was compromised but it absolutely was down to him that he used the same password across multiple sites. That's what ultimately allowed someone to access his BAEC account and use his Avios. If you are certain that's not his responsibility, please say whose it is. I'll give you a hint; it's not BA's.
Do you also, by any chance, use the same password across multiple sites and expect someone else to pick up the pieces when your password gets compromised? Inquiring minds want to know.