
SITA [airline IT provider] data breach, some BAEC data compromised

Old Mar 6, 2021, 4:06 am
  #106  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 18,618
Originally Posted by moral_low_ground
These days, with so many devices and apps, people really should be looking at a reputable password manager and using 2 factor authentication if/when available. The text file on the PC, letting your browser remember everything or just using an extra ! or number as a password variation is going to lead to trouble in the end.

Check out https://www.pcmag.com/picks/the-best-password-managers for an idea of what to use
Indeed. Although, every time I seem to tell people this, they just say "ooo, that sounds too complicated".
DYKWIA is offline  
Old Mar 6, 2021, 4:29 am
  #107  
 
Join Date: Jul 2014
Location: UK - Hampshire & London
Programs: Mucci de Guardian des Celliers des Grands Crus 1e Classé, plus BAEC.
Posts: 2,734
I read to page 4 of this thread then gave up.

Perfect example, IMHO, of how BA are damned if they do and damned if they don’t.
krispy84 is offline  
Old Mar 6, 2021, 4:34 am
  #108  
Fontaine d'honneur du Flyertalk
 
Join Date: Jul 2001
Location: Morbihan, France
Programs: Reine des Muccis de Pucci; Foreign Elitist (according to others)
Posts: 19,179
Yes, it worked fine this morning. Last night was an hour of my life that I will never see again. I have better ways to waste my time than fight a system that is overloaded. My indifference over Star Allowance accounts is almost total. Had I known that when I got the mail, I would have left matters alone. Instead of which I, like several of you, went through a degree of concern that was totally misplaced. I do have a *A account with only a few Air New Zealand and Turkish domestic flights that have been registered.

As we have often agreed, IT is a running sore on the side of BA. This is not a one off by any means.
PUCCI GALORE is offline  
Old Mar 6, 2021, 5:03 am
  #109  
 
Join Date: Jul 2020
Location: UK
Programs: BAEC Gold
Posts: 250
Could not manage to do it this morning, will try again later this weekend.

Maybe it's just a ruse to get us all to change passwords given the potential vulnerability that the Nectar tie up has highlighted? 😉
SxMan likes this.
Alan T is offline  
Old Mar 6, 2021, 5:17 am
  #110  
 
Join Date: Oct 2011
Location: City of Kingston Upon Hull
Programs: BAEC Gold
Posts: 4,940
I was another one that was unable to update my password using my BAEC account number, but was able to do so using my email address. I wonder if this is a deliberate ploy to discourage logging in using your BAEC account number, similar to when they got rid of the PIN and replaced it with a password a few years ago.
kanderson1965 is offline  
Old Mar 6, 2021, 5:31 am
  #111  
 
Join Date: Jan 2020
Programs: BAEC (Gold) , Accor (Gold) , IHG
Posts: 684
Had the email and before reacting to it thought I'd see if the topic had come up here yet!

Having had a scan of the first few pages then the last, I thought I'd check out my BAEC account.

No problem logging in to ba.com using my existing credentials. Nor any problems accessing my details via the app either.

At the moment I am not planning on changing my PW as it is unique to my BA account anyway.
Delboy65 is offline  
Old Mar 6, 2021, 5:33 am
  #112  
 
Join Date: Jul 2019
Programs: BAEC Bronze, Mucci recipient
Posts: 1,786
Originally Posted by kanderson1965
I was another one that was unable to update my password using my BAEC account number, but was able to do so using my email address. I wonder if this is a deliberate ploy to discourage logging in using your BAEC account number, similar to when they got rid of the PIN and replaced it with a password a few years ago.
I suspect BA may be trying to discourage using BAEC number as ID to log in as it is shared with Nectar as the link between both. If the BAEC number is now in the hands of the SITA hackers then all they need is to guess your password to access your BAEC account - hence the need to change passwords to access BAEC. BA has also disabled online Avios to Nectar transfers until they install 2FA to protect everyone from losing Avios. Seems a sensible approach to me despite the FUBAR most here seem to have experienced.

That said I can still log in using my BAEC number although I did also change my password yesterday just in case despite not receiving the email (still haven't received it either).
AJA_ is offline  
Old Mar 6, 2021, 5:45 am
  #113  
 
Join Date: Jun 2013
Programs: BA Gold, TAP Gold
Posts: 131
This is the response I’ve received and I can now finally access my account again.

Dear Mr Protocol7

Thank you for your email,

I am very sorry you’ve been affected by the data breach at SITA. When we sent the emails to members due to the high volume of travel on the website, there was an error in resetting passwords. We have now been informed that this has been rectified and you would be able to log into your account. You can either do this with your old details and it will ask you to reset your password if it failed the first time or you can log in with your new details and the system will allow you to log in successfully.

If this fails, we would need to escalate it to our back office and they will be able to manually send you a new reset password email. Please can you advise us if you cannot log in further.

I am very sorry for the inconvenience this has caused you.


Thank you for writing to The Club

Please feel free to let us know if we can help you with anything else.
Kind regards
Leila
British Airways Executive Club
Protocol7 is offline  
Old Mar 6, 2021, 6:33 am
  #114  
 
Join Date: Apr 2008
Programs: Confirmed
Posts: 1,091
LH was the first to send the mail. They did not name SITA, and they said a star alliance partner is this provider's partner.
The next day CX and SQ sent emails - interestingly CX named SITA and said some of oneworld partners use SITA PSS. SQ also said it's a star alliance partner with SITA.
Today I have A3, BA, UA and AA.
SKRan is offline  
Old Mar 6, 2021, 7:18 am
  #115  
 
Join Date: Nov 2017
Posts: 3,061
I understand this wasn’t a ‘hack’ attack as such, but a complex piece of phishing where a scammer convinced an airline employee to provide access to a database. If true, this would explain why many airlines have panicked so much... as they won’t be sure exactly what else they might have. At least with an API scam you can download the logs and work out what was lost.
Confus is offline  
Old Mar 6, 2021, 8:39 am
  #116  
 
Join Date: Nov 2007
Location: London UK
Programs: BAEC Silver, IHG Diamond Ambassador
Posts: 2,044
I was able to log in as normal to 3 family BAEC accounts and changed the passwords on them all as a precaution. No notifications received as a result. As a basic security measure, I would expect an email alerting me that the password on the account has been changed but nothing received for any of them.
britenbsas is online now  
Old Mar 6, 2021, 11:19 am
  #117  
FlyerTalk Evangelist
 
Join Date: Aug 2002
Location: London
Programs: Mucci. Nothing else matters.
Posts: 38,644
Originally Posted by krispy84
Perfect example, IMHO, of how BA are damned if they do and damned if they don’t.
Welcome to FT! Are you new around here?

FWIW, with the benefit of reading the early advice on this thread, early yesterday evening I successively changed the passwords on our (two) accounts, asking for a verification email at the appropriate point. It took about two minutes for each account. Afterwards, login was only possible by email address, but again the advice on this thread was also useful for knowing that. (And BAEC number login is back today.) So a big thank you to the early participants here.
Globaliser is offline  
Old Mar 6, 2021, 2:44 pm
  #118  
 
Join Date: Feb 2016
Posts: 22
Originally Posted by El_Duderito
That doesn't make it any better. As a third party I can see if it's worth breaking into somebody's BA account because when I just request the reset I can see status and Avios information. They are including information in those emails (esp the reset mail) that does not have to be included.
A reset request does not show any information, it just says a password reset email has been sent. If my email account were to be compromised someone seeing my BA status and avios tally would be the least of my worries. Or are you talking about your secret API?
omaygat is offline  
Old Mar 7, 2021, 1:51 am
  #119  
 
Join Date: Jun 2009
Location: UK
Programs: Lemonia. Best Greek ever.
Posts: 2,274
Logged in quickly and easily this morning for password change. Also looked up an Avios flight. If anything, the site appeared to me to be quicker than usual. From UK using Firefox.
Ancient Observer is online now  
Old Mar 7, 2021, 1:55 am
  #120  
 
Join Date: Feb 2018
Programs: Mucci, BAEC Silver, IHG Platinum Elite
Posts: 1,038
Originally Posted by Ancient Observer
If anything, the site appeared to me to be quicker than usual. From UK using Firefox.
Less traffic due to all the people that can't login.
Akoz is offline  

