
SkyMiles Account hacked today

Old Mar 3, 2016, 12:51 am
  #16  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,413
Originally Posted by clinspec
Over the past 5 months I have been repeatedly hit by identity theft, most recently again a few days ago. I changed all my passwords (again-sigh) yesterday and have removed all credit card information from websites that store them. I was surprised at how many hotel, rental car, airline and department store websites put me through the wringer just to make the password change. Most of them send a text providing a code you have to enter back at the website, all before the change is made. Immediately after the change was made I received emails notifying me, so it seems they are all tightening up their security. Interesting note that Delta was the only website that wouldn't allow characters in my password to make it more secure....
IIRC Marriott says no characters, but I've been told that you really can use them in passwords. It requires capital letter, lower case letter, and number according to the rules you see when you pick the password--pick one that Marriott doesn't like, which is also a bit different from some of the password requirements for other programs.

I wish so much you could see these rules when entering the password as this would make it easier for me to remember the variation that I'm using for some particular program.
MSPeconomist is offline  
Old Mar 3, 2016, 12:53 am
  #17  
 
Join Date: Feb 2014
Location: Phoenix
Programs: DL Diamond,1.8 MM; AA Gold
Posts: 189
Originally Posted by 3Cforme
I understand your pain but really, 90 million SkyMiles members don't have (much) incremental reason to check our accounts because you got hacked today. Good password and browser practices every day will be more useful.
The OP's gesture of warning others is appreciated. If you haven't been the recipient of a huge breach in security and identity theft, it's easy to minimize it. Just using strong passwords and safe internet practices aren't always enough. I've learned after multiple non-internet related breaches of my bank accounts, that you do have to be diligent and check every financial or online account you have, every day if you want to keep your money in your own pocket.
clinspec is offline  
Old Mar 3, 2016, 12:59 am
  #18  
 
Join Date: Feb 2014
Location: Phoenix
Programs: DL Diamond,1.8 MM; AA Gold
Posts: 189
Originally Posted by MSPeconomist
IIRC Marriott says no characters, but I've been told that you really can use them in passwords. It requires capital letter, lower case letter, and number according to the rules you see when you pick the password--pick one that Marriott doesn't like, which is also a bit different from some of the password requirements for other programs.
Marriott must have changed policy because I did use a character (a very common one, but a character) yesterday.

I wish so much you could see these rules when entering the password as this would make it easier for me to remember the variation that I'm using for some particular program.
Yes. Very frustrating, especially when you are changing a bunch at one time and they all have slightly different requirements.
clinspec is offline  
Old Mar 3, 2016, 3:12 am
  #19  
 
Join Date: May 2004
Location: SDF
Programs: DL:360/DM/6 MMer; Bonvoy: Lifetime Titanium 10+M pts, 3100+ nights;
Posts: 1,441
Originally Posted by clinspec
Interesting note that Delta was the only website that wouldn't allow characters in my password to make it more secure....
I drew the short straw and have to be pedantic today.

On a computer, a "character" is a letter or a number. (Some will argue only a letter.) I'm sure that Delta's and every other web site allows a character. What they don't allow are commonly referred to as "symbols" or "punctuation" such as "%" or "!" or similar.

Next, we'll study glyphs.

Last edited by DL-Don; Mar 3, 2016 at 3:22 am
DL-Don is offline  
Old Mar 3, 2016, 7:43 am
  #20  
FlyerTalk Evangelist
 
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 11,072
One of the best methods any company can use is to notify you when changes are made, to the OLD email address.

Of course, if somebody is also in your email account, they can delete that email before you can see it.

Still, notification is a big stumbling block for hackers. And those that require a code be sent to you before changing the email is great as well. Mine is set to my phone vs email making it even harder for hackers. Not impossible, just more difficult.
NoStressHere is offline  
Old Nov 12, 2016, 9:05 pm
  #21  
 
Join Date: May 2009
Location: South Park, CO
Programs: Tegridy Elite
Posts: 5,678
My wife just had something similar happen the other day - saw an email that her profile had been updated (which she hadn't done). Turns out someone got into her account and spent miles. She contacted Delta, and they said they won't reinstate the miles or do anything, because it's not their fault she gave her password to someone.

FWIW the password was about as strong as Delta will allow it to be. Pretty frustrated they're blowing off a fraudulent redemption that was promptly reported.
84fiero is offline  
Old Nov 12, 2016, 10:23 pm
  #22  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,413
Originally Posted by 84fiero
My wife just had something similar happen the other day - saw an email that her profile had been updated (which she hadn't done). Turns out someone got into her account and spent miles. She contacted Delta, and they said they won't reinstate the miles or do anything, because it's not their fault she gave her password to someone.

FWIW the password was about as strong as Delta will allow it to be. Pretty frustrated they're blowing off a fraudulent redemption that was promptly reported.
If this was an award ticket, has it already been flown? It might be harder for DL to undo a fraudulent merchandise order.

I'd try to escalate regarding the decision not to return the miles. It shouldn't be possible to make an address change and then immediately order a bunch of stuff to be sent to the new address.
MSPeconomist is offline  
Old Nov 13, 2016, 1:04 am
  #23  
FlyerTalk Evangelist
Hilton Contributor Badge
 
Join Date: Sep 2003
Location: San Antonio
Programs: DL DM, Former AA EXP now AY Plat, AC 75K, NW Plat, Former CO Gold, Hilton Diamond, Marriott Titanium
Posts: 27,042
Originally Posted by 84fiero
My wife just had something similar happen the other day - saw an email that her profile had been updated (which she hadn't done). Turns out someone got into her account and spent miles. She contacted Delta, and they said they won't reinstate the miles or do anything, because it's not their fault she gave her password to someone.

FWIW the password was about as strong as Delta will allow it to be. Pretty frustrated they're blowing off a fraudulent redemption that was promptly reported.
Is she sure she didn't accidentally stay logged in on a public/work computer?

As MSP asks, if award travel, did you cancel?

Last question, who got the award? There'll be a name attached/address.
flyerCO is offline  
Old Nov 13, 2016, 7:19 am
  #24  
 
Join Date: May 2009
Location: South Park, CO
Programs: Tegridy Elite
Posts: 5,678
Originally Posted by MSPeconomist
If this was an award ticket, has it already been flown? It might be harder for DL to undo a fraudulent merchandise order.

I'd try to escalate regarding the decision not to return the miles. It shouldn't be possible to make an address change and then immediately order a bunch of stuff to be sent to the new address.
No, oddly it was a miles transfer (share miles to another SM account) but based on the timing it did occur the same day as the address, email, etc. change. We don't recognize the name associated with the account that received the miles.

Originally Posted by flyerCO
Is she sure she didn't accidentally stay logged in on a public/work computer?

As MSP asks, if award travel, did you cancel?

Last question, who got the award? There'll be a name attached/address.
Positive, she rarely logs onto Delta to begin with - we aren't flying them much the past few years - and certainly hasn't done so outside the house.

She has escalated so we'll see what happens. Just odd that this was DL's initial response. If that's their stance then no one would ever be made whole after fraud if they just say "well, you must have given someone your password, too bad"
84fiero is offline  
Old Nov 13, 2016, 8:22 am
  #25  
In memoriam, FlyerTalk Evangelist
 
Join Date: May 2005
Location: PIT
Programs: DM life is over 2MM PM now & NW MillionAir Wyndham Rewards Plat -Hotels.com Silver -Accor Silver
Posts: 15,408
If it was a mileage transfer to another account, particularly, since, I guess there had to be a fee paid to transfer the miles, you would think they would know who the miles went to and be able to investigate and track the party down.
davetravels is offline  
Old Nov 13, 2016, 2:36 pm
  #26  
 
Join Date: Apr 2005
Location: ATL
Programs: DL PM, 2+MM, AA Gold 1+MM, HH Diamond, MHG Silver,
Posts: 233
Might want to HUCA (hang up and call again)

If you get the same response I would definitely ask for a supervisor (or to be transferred to fraud prevention).
lov2fly is offline  
Old Nov 13, 2016, 3:57 pm
  #27  
 
Join Date: Jun 2004
Location: ATL
Programs: Delta PlM, 1M
Posts: 6,363
Why would anybody hack an account then pay to transfer miles?
exwannabe is offline  
Old Nov 13, 2016, 11:24 pm
  #28  
 
Join Date: May 2011
Location: NYC
Programs: DL PM. 1MM
Posts: 2,045
Originally Posted by lov2fly
Might want to HUCA (hang up and call again)

If you get the same response I would definitely ask for a supervisor (or to be transferred to fraud prevention).
THIS.
HUCA. HUCA. HUCA Supervisor.

You got a terrible agent.

It is Delta's responsibility to have some safeguards in place to prevent fraud of your Skymiles account. Presuming you called Delta as soon as you noticed the issue they should be able to cancel travel or stop the marketplace purchases. If you waited 1 week to call Delta well yes I'm afraid you do bear some responsibility for that fraud.

And even if it was for immediate travel that means Delta has the names of passengers travelling etc and can go after that for due compensation on the flights. Unless it was just an intermediary who was using your miles to book travel for an innocent person. Possible I guess.
mridley2 is offline  
Old Nov 14, 2016, 6:29 am
  #29  
FlyerTalk Evangelist
 
Join Date: Sep 2007
Location: BOS
Programs: DL DM 2MM, Marriott LT Titanium, Hertz PC, Avis PC
Posts: 15,198
If it was a mileage transfer, then DL knows what account it went to and should be able to reverse it and flag the account it went to as fraud. I guess the question is, as others mentioned, how much time elapsed from the notification of profile update until she contacted Delta?
rylan is offline  
Old Nov 14, 2016, 8:58 am
  #30  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,413
DL can revoke FF privileges for the receiving account, but if it's a new account set up for fraud, this won't matter. Some airlines have policies that new accounts can't receive transferred miles, which tends to prevent these sorts of problems.
MSPeconomist is offline  

