
Current Delta Account hacking - some Delta recommendations


Nov 1, 18, 8:53 am
  #1  
Original Poster
 
Join Date: Oct 2001
Location: Minneapolis, Mn.
Programs: Dl mm (Gold), Marriott Platinum, UA Silver
Posts: 84

When I signed into my account on Monday to get a seat assignment, I noticed that almost all of my miles were gone, and a few days ago an unknown redemption to Delta Marketplace. I called and a helpful agent filled out the proper forms, and by the end of the day, my miles were returned, and I was able to reset my password.
Then yesterday, I got an email from Delta that they had "noticed a number of login attempts" and my account was locked, call to restore account.
After a discussion with a helpful supervisor, here is what I learned:
1. The "marketplace" scam has been going on for some time. If you google skymiles fraud or hacking, you'll find lots of examples.
2. The multiple login thing is more than just a one-time thing. Apparently Delta recognized this problem in several thousand accounts, and locked all of them, and sent an email.
3. The login problem is largely influenced by two things:
a. Using an email address to login to account
b. Using a guessable or easy/soft password.
4. Delta has recently moved to a three or four attempts then you're out for logging in.
5. If you're affected, you'll need to fill out a case on the website, and send a picture of a government id with your address. It will take up to a week to resolve.

Now the hacking of miles for purchases at the Marketplace could be solved by two-step authentication, or at least email receipts of purchases, immediately, like they do with air travel purchases. The same could be done for logging in, but that may complicate mobile interaction, especially if trying to use the app in a foreign country. For sure, logging in by your email is not safe.
Apparently, reported elsewhere, several airlines, including Delta, were compromised sometime in September or October. It's not clear what was taken, logins and skymiles numbers, probably. In any case, I am recommending readers check their balances and create new robust passwords for their accounts.

In any case, the supervisor said that lots of people will be or have been impacted, so this is a heads up.

----------------
3Cforme, Delta Forum Moderator

I'm going to let this thread stand on its own - instead of merging it. The OP has made an effort to report a meaningful conversation on the topic. Thanks.

Last edited by 3Cforme; Nov 1, 18 at 11:58 am
Posted by leew

Nov 1, 18, 11:13 am
  #2  
formerly B7e7US
 
Join Date: Sep 2006
Location: Paris / Santo Domingo / Washington, DC
Programs: AA PLT, DL PLT,SPG, Priority Pass, Accor LeClub Gold, Thalys Gold, JetBlue Mosaic, Other shiny cards
Posts: 3,684
The biggest problem here, affecting not only Delta accounts but virtually any other online account, is password reuse. With many gigabytes of leaked passwords from major websites available online, cybercriminals are using a trial-and-error method with these leaked credentials and often they are successful.
Posted by SDQBound

Nov 1, 18, 11:25 am
  #3  
 
Join Date: Apr 2017
Posts: 51
Originally Posted by SDQBound:
The biggest problem here, affecting not only Delta accounts but virtually any other online account, is password reuse. With many gigabytes of leaked passwords from major websites available online, cybercriminals are using a trial-and-error method with these leaked credentials and often they are successful.

Yup, this is definitely true. I've been getting spammed lately with messages saying that they've hacked my account and are using my webcam to spy on me and they'll release pictures and stuff. The interesting thing about these spam messages is that they've included an email address and password combination as "proof" that they've hacked me, and it's indeed a combination that I've used on things I considered "low value" accounts in the past. Ironically, it also basically is proof that they didn't actually hack the computer, because that combination wouldn't do them any good for anything with that.

But there are definitely lists out there, and they're being used to try to get into sites and to convince you to pay money to people. We're well past the days when you could get away with only using a few passwords for things.
Posted by cardsqc

Nov 1, 18, 11:31 am
  #4  
 
Join Date: Jun 2006
Location: NYC
Programs: DL GM/SC; GE; Marriott PPE; IHG Spire
Posts: 1,869
Originally Posted by SDQBound:
The biggest problem here, affecting not only Delta accounts but virtually any other online account, is password reuse. With many gigabytes of leaked passwords from major websites available online, cybercriminals are using a trial-and-error method with these leaked credentials and often they are successful.

That's a very good point. I used to re-use passwords on multiple websites. Then a few years ago, one of my accounts got hacked - nothing big, it was an online shopping website and I immediately got an email and was able to void the transaction (the thief ordered a gift card but neglected to change the email address on the account, so I knew as soon as the transaction was complete). I started going through all the websites where I'd used the same email and password and changed them all (and deleted any cc details on file, so even if I was hacked again, there would be no card for the thief to use).

Now I never, ever use the same password twice and thankfully, haven't been hacked since.
Posted by ShopAround

Nov 2, 18, 1:45 am
  #5  
 
Join Date: Apr 2000
Location: Cary, NC, USA - AA Plt 3mm/DL Dia 1mm, Hil/Dia Life, Hol/Spire, Marr/Plt
Posts: 3,252
Just two days ago I got a spam similar to the one that cardsqc noted above. They had my email and an old password that said my account was hacked and they demanded money. Just two weeks ago, my Amazon account was hacked and over $1500 including a new iPhone was purchased. Although I saw it the morning after the hack, I could only cancel some of the shipments; Amazon processed the orders and shipped the products after repeated calls to their customer service that these were not my orders going to Wilmington, DE. I suspect an inside job or they got in through password autofill from my hacked Yahoo account. I am still awaiting reimbursement, promised to me by all four customer service personnel I have talked to, but it is not there yet. I now am using two step authentication on Amazon. Note I am pretty careful: I have passwords not in the dictionary, with caps and numbers, I don't log into anything financial on public computers, nobody except Mrs. Outoftown knew I had a large balance with Amazon, which ironically came from Delta issued Amazon Gift Cards for two VDBs. The balance was only there a month, and I was the only one that knew the password. My email now has a totally new and different password from all other accounts.

Last edited by outoftown; Nov 2, 18 at 1:59 am Reason: clarity
Posted by outoftown
