Skymiles account hacked, points drained
#31
Original Poster
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,434
Well, 10 days out and not a peep from Delta. Not even an automatic response to my emails. And, I'm still locked out of my account.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
#32
Join Date: Jul 2015
Location: SEA
Programs: Hilton/Marriott Gold, Accor Silver
Posts: 2,036
Well, 10 days out and not a peep from Delta. Not even an automatic response to my emails. And, I'm still locked out of my account.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
To add to my frustrations, I found out Thursday that someone had hacked into my Xfinity account (not sure how, since I have the 2-step login and a very esoteric security question) at 4:30am, got to my FB account (with a NOT common password), and got to my AirBnB account that I access via FB. They booked a nice trip for themselves to the tune of $1400. To their credit, AirBnB took just 3 hours to investigate and deem the charge bogus and cancelled it and reversed the CC charge. AMEX also looked very quickly and worked with AirBnB. The person who hacked my Xfinity left their email address as the "primary" address on the account - dumb. Xfinity was hard to work with to re-secure my account - had some guy in the offshore office and kept trying to say there was nothing they could do since I had all their security features already... I spent all day calling my card companies to put holds on all charges unless I approve. So far, this AirBnB was the only one.
#33
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,334
Or could this be a case of a password manager being hacked?
#34
Join Date: Feb 2015
Location: SFO/TPA
Programs: DL PM
Posts: 199
I'm becoming a true fan of 2-factor authorization. It's not full protection against all breaches, but usernames and passwords won't be enough to go in and do things in an account. And the text serves as an alert when something untoward is afoot. I recently got a text from Amazon with a code that I didn't ask for I. Immediately went in and changed my password. It doesn't look like Delta offers 2-factor authorization, or at least I can't find it. Would love to be told I'm wrong.
#38
Join Date: Sep 2009
Location: HNL
Programs: DL PM/1MM, BW DE (lifetime), HH DE, Marriott PE (lifetime), National Emerald Executive
Posts: 7,195
+1
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
#39
Moderator: Hyatt; FlyerTalk Evangelist
Join Date: Jun 2015
Location: WAS
Programs: :rolleyes:, DL DM, Mlife Plat, Caesars Diam, Marriott Tit, UA Gold, Hyatt Glob, invol FT beta tester
Posts: 18,819
+1
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
I have a great memory. I also have over 200 sites in my password manager (60+ in my "Travel" category alone).
A good password manager doesn't literally store your actual passwords, it stores an encrypted version of them, and the encryption key never leaves your device.
They're not foolproof or perfect, but for most people the benefits of being able to use long/complex and unique passwords on multiple sites far outweighs the risks (which are present, sure) of using a password manager.
#40
Suspended
Join Date: Nov 2010
Location: MEM
Programs: Starbucks Green Card
Posts: 5,431
+1
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
A password manager is for lazy people and anyone with even a little bit of security consciousness would stay away from those like the plague. That is like giving all your personal details away to some random stranger (almost). Unfathomable why people actually use those things (or allow browsers to store passwords, etc.). Just use your head; it's not that hard.
First of all, not all password managers require storing data in the cloud.
Secondly, using passwords that you can remember is like, orders of magnitudes worse than storing your encrypted passwords in the cloud.
#41
Join Date: Apr 2012
Location: California
Programs: DeltaSilver/MM, Marriott Platinum
Posts: 494
#42
Join Date: Sep 2009
Location: HNL
Programs: DL PM/1MM, BW DE (lifetime), HH DE, Marriott PE (lifetime), National Emerald Executive
Posts: 7,195
Uh, that's certainly one opinion.
I have a great memory. I also have over 200 sites in my password manager (60+ in my "Travel" category alone).
A good password manager doesn't literally store your actual passwords, it stores an encrypted version of them, and the encryption key never leaves your device.
They're not foolproof or perfect, but for most people the benefits of being able to use long/complex and unique passwords on multiple sites far outweighs the risks (which are present, sure) of using a password manager.
I have a great memory. I also have over 200 sites in my password manager (60+ in my "Travel" category alone).
A good password manager doesn't literally store your actual passwords, it stores an encrypted version of them, and the encryption key never leaves your device.
They're not foolproof or perfect, but for most people the benefits of being able to use long/complex and unique passwords on multiple sites far outweighs the risks (which are present, sure) of using a password manager.
#43
Join Date: Sep 2009
Location: HNL
Programs: DL PM/1MM, BW DE (lifetime), HH DE, Marriott PE (lifetime), National Emerald Executive
Posts: 7,195
I don't think you know what you are talking about. You must be using weak random character passwords, vs. phrase and such passwords that are exponentially more difficult to crack, yet easy to remember even for those with a weak memory (while for anyone with normal to above memory, memorizing several passwords is no problem, since most attach a meaning even to a seemingly random keys password - I think you must be missing the commonly employed tactics of memorization).
#44
Original Poster
Join Date: Jul 2008
Location: Exactly where I want to be
Programs: IHG Gold,SPG Gold, HH Gold, Marriott Gold, Hyatt Discoverist, Delta Kettle, AMEX Plat, DL AMEX Plat
Posts: 1,434
I only have 2 devices that I use. I use the 2-step authorization when possible. I don't have a password manager. I've gone in and changed passwords to frequently used accounts that are used for purchasing or services.
#45
Join Date: Apr 2012
Location: California
Programs: DeltaSilver/MM, Marriott Platinum
Posts: 494
A password manager does have to decrypt the password to fill the form.