Ryno1234

Soooo, the circus continues. Last night(during the Super Bowl ) i received an email from the Diamond Desk(although it was the general Delta customer service email address) asking me to submit my gov issued ID to get my account unlocked. The email referenced a case number that was generated THE FIRST TIME I SUBMITTED MY ID!! To re-cap, the email asked me to submit my ID referencing a case number from where i did submit it.

I replied with the history, referenced all the names i have talked to, and re submitted my ID. we shall see.

zitsky

Sounds like a horrible experience. I hope Delta takes care of it for you.

Ryno1234

SUCCESS!!! just randomly tried to log in and it worked! made me re set everything which is fine. Missing miles were redeposited and everything looks good. No extra miles or anything for my troubles or inconvenience, but thats ok. I wasnt in it for that. I just wanted access back.

Thanks to everyone for letting me vent and rant about this. It was a pain. IF ANYONE has this happen to them, please DM me and i can give you some pointers on how to navigate the process.

mikeef

Congrats! They had also told me to resend mine, telling me that the first was illegible. It wasn't, of course, but still...

Mike

Ryno1234

You were so right in that I had to keep on them. Thanks for the guidance

NoStressHere

So. which is worse?

a) Someone hacking into your account
or
b) Delta getting you back in business
or
c) Delta messing around even AFTER they have re-authorized you and your account?

Ryno1234

Great question: I travel every week and usually have 4-6 segments per week, so i am really dependent upon the app. Flight changes, updates, notifications, etc. I got so frustrated at one point I told one of the customer service agents that I would almost surrender the fraudulent points, stop the investigation and just give me access again. Obviously, i am glad I didn't but it was getting close to that.

The hacking thing really didn't bother me: that kind f stuff happens. I appreciated Delta "looking out for me"(even though i am the one who caught the fraudulent activity). What frustrated me was the response and, in my admittedly uneducated opinion, incredibly long time to resolve the issue and the lack of clarity or guidance from anyone who i spoke with as to how to proceed.

eyez412

This just happened to me for the second time this month. Earlier this month, my skymiles were used to purchase luxury goods on the Delta Marketplace site. The fraudulent person logged into my account, changed my password and used miles to buy all sorts of goods. I so happened to log into my delta skymiles account frequently via the app and was locked out one day when I tried to log in. Once I reset my password, I noticed the fraud and called delta right away. They were able to stop the shipment of the goods and reinstate my miles within a couple of days. Fast forward two weeks and now I'm locked out of my account again"due to irregular activity". However, this time around I couldnt just reset my password but instead I had to complete this online verification form and submit proof of identification. The email I received says it takes up to 7 days to hear back re: identity verification. I'm mostly worried that the fraudster getting away with deducting miles again and this time will get the goods. I know delta will reinstate my miles, but 7 days is entirely too long for something like this to be resolved!

MSPeconomist

Even if you can't get into the account, can you ask DL to tell you whether there were any recent transactions. If there were some that you didn't authorize, tell DL that they're fraudulent ASAP.

Are there any other indications that the security breach could go beyond your DL FF account, such as email and credit cards? I assume that you reset the password after the previous incident, but could the person have changed the email on your DL FF account? If they have access to the account, can they see your credit card information too?

eyez412

eyez412

Hi MSPeconomist! I called the Delta Platinum line and the representative was extremely rude and unhelpful stating "she cannot release any information to me" about activity on my skymiles account because it is locked. Clearly if I was the fraudster, I wouldn't be calling to inquire and cancel any pending orders they placed with my miles. I haven't seen any other irregular activity on my other accounts. Thank goodness! I suggest anyone reading this thread to check their skymiles account regularly. This also happened to my friend and they used her miles to buy a mac laptop. Two weeks ago they placed orders with my miles for a Gucci watch and two a luxury bag and wallet. As I said, i was able to catch the unusual activity just in time.

nrr

Reading this thread and others on FT, two-pass verification should be an option/requirement.
Several years ago my gmail acct was hacked, they even changed my password locking me out. But [google]gmail IF you login via your "home" computer lets you reestablish your identity AND set up two-pass. You also get 10 auxiliary "special codes". You can establish "known" devices which won't need two-pass.

Bowgie

And nearly all of this fraud activity would go away if Delta would only allow redemptions for free flights, not an easily fungible "marketplace".

My sympathy to those having to sort out this mess. Same thing happened to me with IHG hotels so easy to hack, someone took my $20 balance to spend for a cash gift certificate on the Chinese version of Amazon. That just goes to show airlines and hotels should not allow miles and points to be freely converted into cash goods.

Zorak

It's not clear to me that's true, since you still see occasional posts from newbies where it becomes clear they bought a too-good-to-be-true deal on airfare and it turns out they bought it from a mileage broker, so as long as that's a thing, there's still an incentive to steal miles.

But even stipulating it for the sake of this discussion...

... IMO it's quite a leap to say that this "goes to show".

Yes, it goes to show that, *if* their goal was to have zero fraud. However I am sure they have a different goal, namely to reduce the number of outstanding miles from their accounting liabilities and turn a profit through various partnerships while maintaining fraud at an acceptable level (acceptable to them that is, not necessarily to us -- and I share your sympathies for anyone who has to deal with this)

HDQDD

Threads like this are a good time to remind everyone NOT use the same password on multiple websites*. I suggest using a password manager like Lastpass that can create random complex passwords and manage inputting them for you. I don't even know what my passwords are on most websites, but via browser (and even on iOS apps) lastpass enters them for me. Also make sure you have 2FA turned on for your email account. Many sites allow password resets via email, so if a hacker gets in your email, they may be able to reset your passwords.

*If you use same username/password everywhere, then when hackers compromise one site and manage to decode user passwords (due to poor hashing or storing them in plain text) they have bots that take their haul and try them on every website you can think of.