SkyMiles Account hacked today

Old Mar 2, 16, 12:01 pm
  #1  
KDS
Original Poster
 
Join Date: May 2011
Programs: Delta Diamond Medallion 1MM, Hilton Diamond, Marriott Gold, National Car Executive Elite
Posts: 550
SkyMiles Account hacked today

My SkyMiles account was hacked about one hour ago. Profile information was changed and over 500K miles "spent" in the Maretplace.

Called Delta and got it fixed right away. Word of caution to others: check your accounts in case you also were hacked.
KDS is offline  
Old Mar 2, 16, 12:42 pm
  #2  
 
Join Date: Jan 2010
Location: CT
Programs: DL DM 2MM, MR LTT, Hilton D, Hertz PC. National Emerald Exec, UA Silver(thanks to Marriott)
Posts: 2,026
I assume what the personal information was changed to was not someone you knew and the hack was external to you. How do you know it was hacked just an hour ago. If that is true then it should be fairly easy to catch them as I assume you can't ship that stuff to a P.O. Box.

It would be nice if DL had an automatic email notification when a large number of miles are used like you can set up with bank transactions.

Was your DL password a common one you use, do you get on GoGo often. Trying to understand the how it got hacked.
BusTrav8yrs is offline  
Old Mar 2, 16, 12:48 pm
  #3  
KDS
Original Poster
 
Join Date: May 2011
Programs: Delta Diamond Medallion 1MM, Hilton Diamond, Marriott Gold, National Car Executive Elite
Posts: 550
Originally Posted by BusTrav8yrs View Post
I assume what the personal information was changed to was not someone you knew and the hack was external to you.
Yes that is correct.

Originally Posted by BusTrav8yrs View Post
How do you know it was hacked just an hour ago. If that is true then it should be fairly easy to catch them as I assume you can't ship that stuff to a P.O. Box.
Delta sent me an email notifying me that my personal information had been updated. These emails are sent within a few minutes after the changes are made. As soon as I saw the email, I called SkyMiles desk.

Originally Posted by BusTrav8yrs View Post
Was your DL password a common one you use, do you get on GoGo often. Trying to understand the how it got hacked.
I use different passwords on all sites; none are repeated. So my Delta password was unique for that site. And I don't use GoGo at all.
KDS is offline  
Old Mar 2, 16, 1:55 pm
  #4  
FlyerTalk Evangelist
 
Join Date: Sep 2007
Location: BOS
Programs: DL DM 1MM, Marriott LT Titanium, Hertz PC
Posts: 12,703
Glad you noticed and got it fixed quickly before anything shipped out to the hackers.
rylan is offline  
Old Mar 2, 16, 2:04 pm
  #5  
 
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 9,619
Originally Posted by rylan View Post
Glad you noticed and got it fixed quickly before anything shipped out to the hackers.
I wish we had the manpower to let it ship and then nail the .......s when they accepted delivery.

Now... they get off free.
NoStressHere is offline  
Old Mar 2, 16, 2:34 pm
  #6  
 
Join Date: Jan 2012
Posts: 585
Originally Posted by BusTrav8yrs View Post
It would be nice if DL had an automatic email notification when a large number of miles are used like you can set up with bank transactions.
I believe that they do.
fpmurphy is offline  
Old Mar 2, 16, 2:44 pm
  #7  
 
Join Date: Apr 2015
Location: BOS
Programs: Delta DM, SPG PLT100, Marriott Gold
Posts: 346
I get something like this every time I cash in miles for a trip:

"Dear Mr. XYZ,

Your SkyMiles account *** reflects 25,000 miles were used on January 22, 2016 for Award Travel.

If you did not authorize this transaction, please contact us immediately at 1-800-323-2323 for assistance. If you are currently outside of the United States, please contact the local reservations office where you are located.

This email is a transaction notice only. You will receive a separate email detailing your Award Travel reservation.

As always, we thank you for your loyalty."

I've never purchased anything from the Marketplace, but I would expect to receive a similar notification.
BOSTransplant is offline  
Old Mar 2, 16, 3:44 pm
  #8  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 90,487
Originally Posted by BOSTransplant View Post
I get something like this every time I cash in miles for a trip:

"Dear Mr. XYZ,

Your SkyMiles account *** reflects 25,000 miles were used on January 22, 2016 for Award Travel.

If you did not authorize this transaction, please contact us immediately at 1-800-323-2323 for assistance. If you are currently outside of the United States, please contact the local reservations office where you are located.

This email is a transaction notice only. You will receive a separate email detailing your Award Travel reservation.

As always, we thank you for your loyalty."

I've never purchased anything from the Marketplace, but I would expect to receive a similar notification.
I received a similar notification for my last award tickets, probably about a month ago. I think this is pretty new, as I don't remember such notifications for earlier DL redemptions.
MSPeconomist is offline  
Old Mar 2, 16, 4:19 pm
  #9  
FlyerTalk Evangelist
 
Join Date: Jun 2001
Programs: DL 1 million, AA 1 mil, HH lapsed Diamond, Marriott Plat
Posts: 28,192
Originally Posted by KDS View Post
Called Delta and got it fixed right away. Word of caution to others: check your accounts in case you also were hacked.
I understand your pain but really, 90 million SkyMiles members don't have (much) incremental reason to check our accounts because you got hacked today. Good password and browser practices every day will be more useful.
3Cforme is offline  
Old Mar 2, 16, 4:43 pm
  #10  
 
Join Date: Oct 2008
Posts: 338
No suspicious activity on my account. I changed the password and security questions just in case, but, unless we hear from other people getting hacked, this is likely an isolated incident.

I got some miles posted from points.com today, which got me worried as I have not done anything on points.com in years. Turns out Biscoff posts their awards this way.
TObject is offline  
Old Mar 2, 16, 5:01 pm
  #11  
 
Join Date: Apr 2004
Location: Montreal
Programs: FB Gold; PC Plat.
Posts: 415
Originally Posted by BOSTransplant View Post
I get something like this every time I cash in miles for a trip:

"Dear Mr. XYZ,

Your SkyMiles account *** reflects 25,000 miles were used on January 22, 2016 for Award Travel.

If you did not authorize this transaction, please contact us immediately at 1-800-323-2323 for assistance. If you are currently outside of the United States, please contact the local reservations office where you are located.

This email is a transaction notice only. You will receive a separate email detailing your Award Travel reservation.

As always, we thank you for your loyalty."

I've never purchased anything from the Marketplace, but I would expect to receive a similar notification.
..that is, if the hacker didn't change your account's e-mail address. It happened to me with my BA account, so...
Meriem is offline  
Old Mar 2, 16, 6:38 pm
  #12  
 
Join Date: Jan 2002
Location: RST
Programs: Delta Diamond; Hilton Diamond; Accor Gold
Posts: 4,797
Originally Posted by 3Cforme View Post
I understand your pain but really, 90 million SkyMiles members don't have (much) incremental reason to check our accounts because you got hacked today. Good password and browser practices every day will be more useful.
Wrong! Last year Hilton Hhonors got hit with a big scam. They have since changed their login process. Maybe it's one guy who left his account open at the wrong place or it could be something significant.

Thanks to the OP for letting us know. That's the great thing about FT. I am sure I am not the only one to check my account. Good job of DL for having a system that double checks these things.
fromYXU is offline  
Old Mar 2, 16, 6:55 pm
  #13  
 
Join Date: Jul 2009
Programs: Delta Gold (2020)
Posts: 2,043
Originally Posted by Meriem View Post
..that is, if the hacker didn't change your account's e-mail address. It happened to me with my BA account, so...
I haven't changed my email with Delta recently but when I've done so with other companies, they send an email confirmation to the new AND old address. Smart.
Hoyaheel is offline  
Old Mar 2, 16, 9:04 pm
  #14  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 90,487
Originally Posted by Hoyaheel View Post
I haven't changed my email with Delta recently but when I've done so with other companies, they send an email confirmation to the new AND old address. Smart.
This is a good practice, but I don't think you can count on it being followed by all airline and hotel programs, unfortunately.
MSPeconomist is offline  
Old Mar 3, 16, 1:41 am
  #15  
 
Join Date: Feb 2014
Location: Phoenix
Programs: DL Diamond,1.8 MM; AA Gold
Posts: 189
Originally Posted by MSPeconomist View Post
This is a good practice, but I don't think you can count on it being followed by all airline and hotel programs, unfortunately.
Over the past 5 months I have been repeatedly hit by identity theft, most recently again a few days ago. I changed all my passwords (again-sigh) yesterday and have removed all credit card information from websites that store them. I was surprised at how many hotel, rental car, airline and department store websites put me through the wringer just to make the password change. Most of them send a text providing a code you have to enter back at the website, all before the change is made. Immediately after the change was made I received emails notifying me, so it seems they are all tightening up their security. Interesting note that Delta was the only website that wouldn't allow characters in my password to make it more secure....
clinspec is offline  

Thread Tools
Search this Thread
Search Engine: