
Skymiles account hacked, points drained


Old Oct 19, 18, 11:35 am
  #31  
Original Poster
 
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,391
Well, 10 days out and not a peep from Delta. Not even an automatic response to my emails. And, I'm still locked out of my account.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
slidergirl is offline  
Old Oct 19, 18, 1:31 pm
  #32  
 
Join Date: Jul 2015
Location: SEA
Programs: DL FO, Hilton/Marriott Gold, Accor Silver
Posts: 1,967
Originally Posted by slidergirl View Post
Well, 10 days out and not a peep from Delta. Not even an automatic response to my emails. And, I'm still locked out of my account.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
With that many breaches without any apparently common passwords, I'm starting to wonder if you might have a keylogger on one of your devices.
jinglish is offline  
Old Oct 19, 18, 1:53 pm
  #33  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 79,322
Or could this be a case of a password manager being hacked?
MSPeconomist is offline  
Old Oct 19, 18, 2:27 pm
  #34  
 
Join Date: Feb 2015
Location: SFO/TPA
Programs: DL PM
Posts: 143
I'm becoming a true fan of 2-factor authorization. It's not full protection against all breaches, but usernames and passwords won't be enough to go in and do things in an account. And the text serves as an alert when something untoward is afoot. I recently got a text from Amazon with a code that I didn't ask for. I immediately went in and changed my password. It doesn't look like Delta offers 2-factor authorization, or at least I can't find it. Would love to be told I'm wrong.
dalehill is offline  
Old Oct 19, 18, 3:15 pm
  #35  
 
Join Date: Jun 2009
Location: Somewhere
Programs: Delta FO (I use to be More)
Posts: 2,709
2-factor fails too if your form of authorization is compromised, as it seems the OP's is.
HWGeeks is offline  
Old Oct 19, 18, 4:40 pm
  #36  
LBJ
FlyerTalk Evangelist
 
Join Date: Jul 2003
Programs: DL DM
Posts: 13,287
At this point, I'd say your Sky Miles balance is the least of things you should be worried about. Have you changed passwords on all your accounts? Are you sure none of the devices you use have been compromised?
LBJ is offline  
Old Oct 19, 18, 5:33 pm
  #37  
 
Join Date: Sep 2016
Location: HSV
Programs: Bellevue Lifetime Premiere Mega Elite Supreme
Posts: 1,232
Agree with LBJ.

Also, don't spend more time recovering your SMs than they're worth. No need to spend $1000 worth of labor to recover $500 in benefit.
TheHorta is offline  
Old Oct 19, 18, 5:36 pm
  #38  
 
Join Date: Sep 2009
Location: HNL
Programs: DL DM, BW DE (lifetime), HH DE, Marriott PE (lifetime GE), National Emerald Executive
Posts: 6,192
Originally Posted by MSPeconomist View Post
Or could this be a case of a password manager being hacked?
+1

A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
RealHJ is offline  
Old Oct 20, 18, 2:14 am
  #39  
 
Join Date: Jun 2015
Location: SFO/SJC, BWI
Programs: :rolleyes:, DL DM, Mlife Plat, TR 7*, SPG/MR Plat, UA 1K
Posts: 9,443
Originally Posted by RealHJ View Post
+1

A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
Uh, that's certainly one opinion.

I have a great memory. I also have over 200 sites in my password manager (60+ in my "Travel" category alone).

A good password manager doesn't literally store your actual passwords, it stores an encrypted version of them, and the encryption key never leaves your device.

They're not foolproof or perfect, but for most people the benefits of being able to use long/complex and unique passwords on multiple sites far outweigh the risks (which are present, sure) of using a password manager.
Zorak is offline  
Old Oct 20, 18, 6:37 am
  #40  
pvn
Suspended
 
Join Date: Nov 2010
Location: MEM
Programs: Starbucks Green Card
Posts: 5,431
Originally Posted by RealHJ View Post
+1

A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
ok, you obviously don't know what you're talking about.

First of all, not all password managers require storing data in the cloud.

Secondly, using passwords that you can remember is like, orders of magnitude worse than storing your encrypted passwords in the cloud.
IndyHoosier and jinglish like this.
pvn is offline  
Old Oct 20, 18, 11:30 am
  #41  
 
Join Date: Apr 2012
Programs: Delta DM/MM, Marriott Gold
Posts: 455
Originally Posted by gooselee View Post
I outsmart all the hackers. My password is "54321password"!
I am a real hacker. My password is pencil, it is written on a sheet of paper in a drawer. Have to go, I am going to play a game of Global Thermonuclear War with Joshua.
LoganFlyer likes this.
spamkiller is offline  
Old Oct 20, 18, 11:33 am
  #42  
 
Join Date: Sep 2009
Location: HNL
Programs: DL DM, BW DE (lifetime), HH DE, Marriott PE (lifetime GE), National Emerald Executive
Posts: 6,192
Originally Posted by Zorak View Post
Uh, that's certainly one opinion.

I have a great memory. I also have over 200 sites in my password manager (60+ in my "Travel" category alone).

A good password manager doesn't literally store your actual passwords, it stores an encrypted version of them, and the encryption key never leaves your device.

They're not foolproof or perfect, but for most people the benefits of being able to use long/complex and unique passwords on multiple sites far outweigh the risks (which are present, sure) of using a password manager.
An offline password manager with a physical key and individual key encryption of each and every password, sure, that can work. There is the right way to do it, though still generally putting all your proverbial eggs in one basket is not a good idea, no matter how sturdy you think it is (what if some major backdoor is discovered in it later? that has been quite common in various encryption sw, after all). It's just that other than storing it in your mind, there is no 100% safe way to store any passwords.
RealHJ is offline  
Old Oct 20, 18, 11:35 am
  #43  
 
Join Date: Sep 2009
Location: HNL
Programs: DL DM, BW DE (lifetime), HH DE, Marriott PE (lifetime GE), National Emerald Executive
Posts: 6,192
Originally Posted by pvn View Post
ok, you obviously don't know what you're talking about.

First of all, not all password managers require storing data in the cloud.

Secondly, using passwords that you can remember is like, orders of magnitude worse than storing your encrypted passwords in the cloud.
I don't think you know what you are talking about. You must be using weak random character passwords, vs. phrase and such passwords that are exponentially more difficult to crack, yet easy to remember even for those with a weak memory (while for anyone with normal to above memory, memorizing several passwords is no problem, since most attach a meaning even to a seemingly random keys password - I think you must be missing the commonly employed tactics of memorization).
RealHJ is offline  
Old Oct 20, 18, 11:35 am
  #44  
Original Poster
 
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,391
Originally Posted by TheHorta View Post
Agree with LBJ.

Also, don't spend more time recovering your SMs than they're worth. No need to spend $1000 worth of labor to recover $500 in benefit.
I was trying to save those miles for one last trip to Italy. My little job doesn't afford me the ability to spend money for the airfare. Sorry that you think my trip isn't worth my effort. Glad for you that you have the ability to blow off miles and pay cash for a trip.

I only have 2 devices that I use. I use the 2-step authorization when possible. I don't have a password manager. I've gone in and changed passwords to frequently used accounts that are used for purchasing or services.
TheHorta likes this.
slidergirl is offline  
Old Oct 20, 18, 11:36 am
  #45  
 
Join Date: Apr 2012
Programs: Delta DM/MM, Marriott Gold
Posts: 455
Originally Posted by pvn View Post
ok, you obviously don't know what you're talking about.

First of all, not all password managers require storing data in the cloud.

Secondly, using passwords that you can remember is like, orders of magnitude worse than storing your encrypted passwords in the cloud.
Really? How do you know the security of the password manager? How do you know there is no backdoor to it? https://thehackernews.com/2017/02/pa...ager-apps.html

A password manager does have to decrypt the password to fill the form.
RealHJ likes this.
spamkiller is offline  