Delta account hacked
#16
FlyerTalk Evangelist
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 11,072
I am awaiting for the OP to come back and tell us a bit more. Maybe even solved?
* Have any other accounts been hacked - and/or do you have many other online accounts
* Recent change of computer/phone/tablet
* Last few times you used a different computer - hotel, airport, library, friend, etc
There is an answer - would love to hear how it happened?
* Have any other accounts been hacked - and/or do you have many other online accounts
* Recent change of computer/phone/tablet
* Last few times you used a different computer - hotel, airport, library, friend, etc
There is an answer - would love to hear how it happened?
#17
Original Poster
Join Date: Mar 2002
Location: Thetford, VT USA
Posts: 259
I am awaiting for the OP to come back and tell us a bit more. Maybe even solved?
* Have any other accounts been hacked - and/or do you have many other online accounts
* Recent change of computer/phone/tablet
* Last few times you used a different computer - hotel, airport, library, friend, etc
There is an answer - would love to hear how it happened?
* Have any other accounts been hacked - and/or do you have many other online accounts
* Recent change of computer/phone/tablet
* Last few times you used a different computer - hotel, airport, library, friend, etc
There is an answer - would love to hear how it happened?
#18
FlyerTalk Evangelist
Join Date: Nov 2000
Location: Nashville -Past DL Plat, FO, WN-CP, various hotel programs
Programs: DL-MM, AA, SW w/companion,HiltonDiamond, Hyatt PLat, IHF Plat, Miles and Points Seeker
Posts: 11,072
or
Like so many companies, it does not seem to be worth their time and effort to deal with it. May not be in any employee's "job description", or nobody is measured on it. Or maybe even if they do figure it out, they have such little recourse to go after the person in some distant country, etc.
Many of us out here sure would love to know how they are getting into this information.
#19
Join Date: Nov 2018
Posts: 5
Airport Security should be contacted as well.
I would also contact airport internet/fraud prevention/security. Every major airport has it.
If you logged into a device at the airport, your information can be stolen. When you sign into free WiFi at a public location, there is generally a warning about not using sensitive information there as the connection is not deemed to be secure.
Recently had a conversation with someone who was a victim of password and identity theft. He learned that the thief or thieves would skim his information at the airport. Every few days when he was travelling, he would change his information. Only problem was that it was stolen again. Stopped happening when he ceased doing anything at the airport that you have to logon or use a password for. Just a thought.
If you logged into a device at the airport, your information can be stolen. When you sign into free WiFi at a public location, there is generally a warning about not using sensitive information there as the connection is not deemed to be secure.
Recently had a conversation with someone who was a victim of password and identity theft. He learned that the thief or thieves would skim his information at the airport. Every few days when he was travelling, he would change his information. Only problem was that it was stolen again. Stopped happening when he ceased doing anything at the airport that you have to logon or use a password for. Just a thought.
#20
Join Date: Dec 2009
Location: SAN
Posts: 4,922
No other accounts of mine have been hacked and I have FF accounts with several airlines, credit card accounts with several banks, accounts with many stores, brokerage accounts, etc. I have not used a public computer in recent memory. I own three computers, all Macs, the newest about one year old. All are scanned regularly for viruses and malware and nothing has been found along these lines. The credit card used on the first fraudulent redemption of my miles was a visa card I do not own. I have 3 cards listed with Delta and only the most recent fraud, where expensive international flights were purchased using one of my credit cards, used one of these cards. The first redemption, in mid-Nov. for 260,000 miles, used a Visa card that is not mine. I would think Delta could use that card information either to identify the person committing fraud or, at the least, identify someone whose credit cards have been hacked and used to redeem my skymiles. The thing that concerns me most is that Delta does not appear to be all that interested in using their full powers to figure this out.
I finally figured it out. My email had been hacked.
The hacker had accessed the web version of my account and had added a rule to forward all email to his gmail account. I would have never known about it except for the hacker messed up and created a rule that prevented me from receiving email in my inbox. It took me a couple of days to put 2 and 2 together to figure out the connection between not receiving emails and the issues with FB.
Earlier, I had called my provider, Cox, to try to sort out why I wasn't getting email delivered to my outlook They were useless. In fact, the more I thought about the info they gave me, the more I realized that what the technical support person was telling me was made up B.S.*** That led me to try logging in through the web and to root around in the settings there. That's how I found out what had been done. The hacker had, accidentally, I suppose, ticked a box that kept me from receiving my email.
Hope this proves helpful!
***A fact confirmed when I called back and spoke to a supervisor.
So, you might want to see if something similar has happened to you.
#21
Join Date: Feb 2003
Location: New Orleans (for now)
Programs: DL PM, WN, SC, various other programs of lowly status
Posts: 1,673
I had a similar experience several years ago. I used the complimentary laptop in a hotel’s lounge in Paris to log into my main email account to print something. (Something I had never done before or since.)
A week or so later I began getting dozens of out of office notices every day from people I never heard of and had not emailed. AT&T told me it ignore it, someone had spoofed my email addy and it would eventually stop. Or I could set up a new email account.
To make a very long story short, my email addy wasn’t spoofed, the account was hacked. They set up 9 sub accounts and were sending out hundreds of spam emails from each one daily. AT&T shut down my account and it took me weeks working with fraud prevention to get it back.
A week or so later I began getting dozens of out of office notices every day from people I never heard of and had not emailed. AT&T told me it ignore it, someone had spoofed my email addy and it would eventually stop. Or I could set up a new email account.
To make a very long story short, my email addy wasn’t spoofed, the account was hacked. They set up 9 sub accounts and were sending out hundreds of spam emails from each one daily. AT&T shut down my account and it took me weeks working with fraud prevention to get it back.
#22
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,369
Could the Starriott date breach be to blame? Many of us had our DL FF number attached to our SPG accounts in order to get (R I P) crossover benefits.
#23
Join Date: Sep 2009
Location: HNL
Programs: DL PM/1MM, BW DE (lifetime), HH DE, Marriott PE (lifetime), National Emerald Executive
Posts: 7,204
If it used the same password as DL account then yes, as SPG stored passwords in clear text (!!). SPG had the worst security of any online travel services provider I know of; their online chat and phone staff would have access to your login password in clear text and they would ask you for it for verification (then a few years ago they changed it to a separate clear-text "password" for verification and stopped using the login password for it, but still). I was surprised at how they could possibly get away with such an extremely anti-security conscious set-up...and of course obviously they didn't. But, that would be just initial password, not after the OP changed the password on DL.
#24
Join Date: Aug 2018
Location: SEA
Programs: DL DM
Posts: 292
Unfortunately, something like that would be the most likely culprit. These are targeted attacks so they know a few pieces about you and one of those is that you are a points collector.
#25
Original Poster
Join Date: Mar 2002
Location: Thetford, VT USA
Posts: 259
Linkage of my SPG and Delta accounts
If it used the same password as DL account then yes, as SPG stored passwords in clear text (!!). SPG had the worst security of any online travel services provider I know of; their online chat and phone staff would have access to your login password in clear text and they would ask you for it for verification (then a few years ago they changed it to a separate clear-text "password" for verification and stopped using the login password for it, but still). I was surprised at how they could possibly get away with such an extremely anti-security conscious set-up...and of course obviously they didn't. But, that would be just initial password, not after the OP changed the password on DL.
My accounts were probably linked. I alternate between being DL Plat and DL Gold although I don't recall getting crossover points in the past. I don't stay at Starwood very often and when we do, I'm usually with my wife, who has been Delta Platinum for many years, and we are more in the custom of having her be the person who receives SPG points and gets any crossover points.
It's been years since I regularly used the same password on multiple accounts, that's unlikely to be the source of the problem.
Since there haven't been a large number of people responding to my thread saying they had the same or a similar thing happen, it doesn't seem likely to be via a mechanism that affected a large number of people.
#26
Join Date: Dec 2018
Posts: 1
Delta Skymiles Account Hacked
Well it just happened to me today. My account was hacked for 542k miles and they redeemed them on the Delta Skymiles Marketplace for a bunch of Amazon cards. I'm a Diamond member and because I travel so much i'm on my account almost every day so I called right away. My account is locked down now and I can't use it right now and I fly again on Monday. I now have to travel the hardway and checkin at the airport which adds more time (and aggravation). They told me their fraud team is on it and they usually find the person(s) and prosecute. I guess I have to wait and see how this turns out. I'm curious if Delta redeposits the stolen Skymiles, anyone know?
Last edited by Dmueller; Dec 8, 2018 at 9:30 pm Reason: Typo
#27
Original Poster
Join Date: Mar 2002
Location: Thetford, VT USA
Posts: 259
My miles were restored but were redeemed for tickets that Delta cancelled
Well it just happened to me today. My account was hacked for 542k miles and they redeemed them on the Delta Skymiles Marketplace for a bunch of Amazon cards. I'm a Diamond member and because I travel so much i'm on my account almost every day so I called right away. My account is locked down now and I can't use it right now and I fly again on Monday. I now have to travel the hardway and checkin at the airport which adds more time (and aggravation). They told me their fraud team is on it and they usually find the person(s) and prosecute. I guess I have to wait and see how this turns out. I'm curious if Delta redeposits the stolen Skymiles, anyone know?