
Skymiles account hacked, points drained

Old Oct 9, 2018, 12:05 pm
  #1  
Original Poster
 
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,434
Skymiles account hacked, points drained

I was trying to log on to delta.com today. I kept getting a login/password error. Went and changed the password so I could get in. I looked at my miles and was horrified to see that it was drained! Now, I'm not like many of you here with millions of miles; I had a modest amount that I was holding onto for a future trip to Europe. Looks like that, on October 7, someone used up the miles twice for "Skymiles Marketplace" purchases.

I've sent an account query to DL to see what happened. Anyone have an idea of what I can expect?
slidergirl is offline  
Old Oct 9, 2018, 12:19 pm
  #2  
 
Join Date: Jun 2004
Location: San Diego
Programs: IHG Spire Amb, HH Diamond, DL Diamond and 1MM
Posts: 3,611
My Sympathies

I won’t speculate on how the crooks got into your account. Same thing happened a year ago on IHG hotels. Common denominator is the ability to redeem stolen points for gift card or other marketplace transactions where the thief can “redeem and run.”

Your inquiry with Delta isn’t “What happened?”, but “Points stolen via Delta Marketplace, please restore them!”

Good luck and please report back your resolution with Delta.
LuoboTiX likes this.
Bowgie is offline  
Old Oct 9, 2018, 1:44 pm
  #3  
Original Poster
 
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,434
I didn't do "what happened", but "account hacked and points stolen"...
slidergirl is offline  
Old Oct 9, 2018, 1:51 pm
  #4  
FlyerTalk Evangelist
Hilton Contributor Badge
 
Join Date: Sep 2003
Location: San Antonio
Programs: DL DM, Former AA EXP now AY Plat, AC 75K, NW Plat, Former CO Gold, Hilton Diamond, Marriott Titanium
Posts: 27,042
Originally Posted by Bowgie
I won’t speculate on how the crooks got into your account. Same thing happened a year ago on IHG hotels. Common denominator is the ability to redeem stolen points for gift card or other marketplace transactions where the thief can “redeem and run.”

Your inquiry with Delta isn’t “What happened?”, but “Points stolen via Delta Marketplace, please restore them!”

Good luck and please report back your resolution with Delta.
Got hit at IHG also. Cleared out account. Luckily they recognized the activity was abnormal and locked account. They then called before the scheduled checkin to verify I had requested. Got all points back.

Hopefully DL treats OP better than what a UA member just went through. MP locked my account due to "Fraud", Help {caused by UA error, access restored}
flyerCO is offline  
Old Oct 9, 2018, 4:01 pm
  #5  
Suspended
 
Join Date: Aug 2009
Location: Look up - On a ✈ DELTA ✈ jet NOW!
Programs: Blogger & Delta Diamond Medallion Million Miler
Posts: 4,174
Originally Posted by slidergirl
I was trying to log on to delta.com today. I kept getting a login/password error. Went and changed the password so I could get in. I looked at my miles and was horrified to see that it was drained! Now, I'm not like many of you here with millions of miles; I had a modest amount that I was holding onto for a future trip to Europe. Looks like that, on October 7, someone used up the miles twice for "Skymiles Marketplace" purchases.

I've sent an account query to DL to see what happened. Anyone have an idea of what I can expect?
This has happened to a number of readers. I expect Delta will give you all the points back.
Renes Points is offline  
Old Oct 9, 2018, 11:15 pm
  #6  
 
Join Date: Apr 2002
Location: Atlanta Metro
Programs: DL , AC, BA, Hhonors Diamond, IH Platinum, Bonvoy Gold, Hyatt Discoverist
Posts: 2,356
Boy, what a miserable thing to have happen. You seem to be taking it pretty well, though. I don't know if I could compose such calm, sane messages under the circumstances!
hotturnip is offline  
Old Oct 9, 2018, 11:21 pm
  #7  
Suspended
 
Join Date: Aug 2009
Location: Look up - On a ✈ DELTA ✈ jet NOW!
Programs: Blogger & Delta Diamond Medallion Million Miler
Posts: 4,174
Originally Posted by hotturnip
Boy, what a miserable thing to have happen. You seem to be taking it pretty well, though. I don't know if I could compose such calm, sane messages under the circumstances!
You do understand the same IT folks who protect DL SkyMiles are the folks who run the SkyMiles booking page? I am not shocked at all. #LowestCostSubContractors
Renes Points is offline  
Old Oct 10, 2018, 12:00 am
  #8  
Moderator: Hyatt; FlyerTalk Evangelist
 
Join Date: Jun 2015
Location: WAS
Programs: :rolleyes:, DL DM, Mlife Plat, Caesars Diam, Marriott Tit, UA Gold, Hyatt Glob, invol FT beta tester
Posts: 18,931
I find it highly unlikely that security/fraud/loss prevention folk write web site/booking engine code.
Zorak is offline  
Old Oct 10, 2018, 1:34 am
  #9  
 
Join Date: Jul 2012
Location: LAS
Programs: DL DM 1MM, Hertz PC, National EE, Bonvoy TE, GE, CLEAR
Posts: 159
I got hacked while I slept. They put the miles back before I woke up.

Skystreak is offline  
Old Oct 10, 2018, 5:26 am
  #10  
Suspended
 
Join Date: Aug 2009
Location: Look up - On a ✈ DELTA ✈ jet NOW!
Programs: Blogger & Delta Diamond Medallion Million Miler
Posts: 4,174
Statement on [24]7.ai cyber incident

Originally Posted by Zorak
I find it highly unlikely that security/fraud/loss prevention folk write web site/booking engine code.
https://news.delta.com/updated-state...cyber-incident
On Saturday Delta launched delta.allclearid.com to offer free credit monitoring services to customers who believe they may be impacted, and updated delta.com/response.
Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. Delta customers who believe they could be impacted should visit https://delta.allclearid.com to enroll in free protection services being offered.

Upon being notified of [24]7.ai's incident, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously. On Thursday Delta launched delta.com/response, a dedicated website, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers' payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.

Posted at 5:15 p.m. Wednesday:

Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.

Upon being notified of [24]7.ai's incident, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously. Delta will launch delta.com/response, a dedicated website, noon ET April 5, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers' payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.

Statement issued earlier Wednesday by [24]7.ai on Information Security Incident

[24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26 and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.
Renes Points is offline  
Old Oct 10, 2018, 5:44 am
  #11  
FlyerTalk Evangelist
 
Join Date: Jul 2003
Posts: 23,058
There are many ways accounts can be compromised without any fault due to Delta. There's no point in speculating without knowing the details.
xliioper is online now  
Old Oct 10, 2018, 6:13 am
  #12  
FlyerTalk Evangelist
 
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 11,073
Originally Posted by LBJ
There are many ways accounts can be compromised without any fault due to Delta. There's no point in speculating without knowing the details.

I agree with this 110%. Why folks want to slam Delta (or any company) without knowing what really happened.

By design, access to accounts will have the basic security.

End users often do things making it easy for others to hack in. Or maybe the end user's computer was hacked.
NoStressHere is offline  
Old Oct 10, 2018, 7:14 am
  #13  
 
Join Date: Apr 2011
Posts: 3,394
Originally Posted by NoStressHere
I agree with this 110%. Why folks want to slam Delta (or any company) without knowing what really happened.

By design, access to accounts will have the basic security.

End users often do things making it easy for others to hack in. Or maybe the end user's computer was hacked.
I always wonder when people have to sign into websites, especially less reputable ones, if the passwords are ever sold or used elsewhere as MANY people use the same email/password combo for everything from ESPN.com, Facebook, Twitter, Online Banking, Delta.com, Flyertalk, etc.
kop84 is offline  
Old Oct 10, 2018, 11:03 am
  #14  
Moderator: Hyatt; FlyerTalk Evangelist
 
Join Date: Jun 2015
Location: WAS
Programs: :rolleyes:, DL DM, Mlife Plat, Caesars Diam, Marriott Tit, UA Gold, Hyatt Glob, invol FT beta tester
Posts: 18,931
Originally Posted by Renes Points
https://news.delta.com/updated-state...cyber-incident
On Saturday Delta launched delta.allclearid.com to offer free credit monitoring services to customers who believe they may be impacted, and updated delta.com/response. Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident.
...
If this is supposed to be a reply to what I said, you're going to have to spell out the connection for me.

You asserted that "the same IT folks who protect DL SkyMiles are the folks who run the SkyMiles booking page". I get that you want to use any excuse to bash their IT, and I'm not by any means saying it's a shining example or anything, but for a company Delta's size that statement is almost certainly untrue. You *could* be correct, but based on 20+ years as a software developer I'm going to remain skeptical unless you can produce an internal org chart. (And sure, eventually they probably report to the same VP somewhere but that's not what we're talking about)

Replying with an example of what is essentially a website plugin component outsourced to a third party being compromised feels like a complete non sequitur.
bergamini, sky303 and jinglish like this.
Zorak is offline  
Old Oct 10, 2018, 3:50 pm
  #15  
 
Join Date: Jun 2004
Location: ATL
Programs: Delta PlM, 1M
Posts: 6,363
Originally Posted by kop84
I always wonder when people have to sign into websites, especially less reputable ones, if the passwords are ever sold or used elsewhere as MANY people use the same email/password combo for everything from ESPN.com, Facebook, Twitter, Online Banking, Delta.com, Flyertalk, etc.
Somebody has to be a complete idiot or super naive to use the same credentials they use on facebook, twitter, flyertalk etc as they do for online banking. And if one has any decent amount of miles, same with dl.com.

Get yourself a throwaway username/password for all the sites you think do not need an actual signon. And for me that includes this site.
exwannabe is offline  

