Delta FF acct hacked, miles stolen & more
Jun 18, 2019, 8:23 am
#1
Original Poster
Join Date: Jun 2017
Programs: Delta, IHG, Hilton, Hyatt,
Posts: 7
Delta FF acct hacked, miles stolen & more
When I went to log on to my Delta FF account , it came back as "locked for security reasons", and I had to send them proof of identity and address, etc. to unlock it. After three days, it was still inaccessible. Calling the Elite Desk got me nowhere, but I did find out that the reason it was locked was that it appeared (according to the agent) that someone had accessed my account and stolen my FF miles.
Then it got messier.
It took 10 days before they finally sent me the email telling me that they had received and verified my information and unlocked my account, and enclosed instructions on how to access my account and change my password.
I couldn't get in. The address that I was required to put in to unlock the account was not the address they had on file. Nothing worked.
Finally, I got a manager to help me. The address that was on file for my account was in the Bronx, a place I had never lived. She gave me that address, I used it to access my account, and discovered that all my mies were gone, and all my personal identification had been changed- my address, my phone number, my email, AND the address on the credit cards I had stored in my wallet.
It took hours on the phone with the manager, and more hours with the credit card company, etc...
But here's the thing: the manager said I was the third person in the last two days that she had helped with this, and that hackers are accessing accounts through Outlook, and they had no way to stop them. She said it's happening often now, and that "they are very good at it".
When I asked her what they intended to do about the fact that someone now had access to (and probably sold) my identification, including my passport, trusted traveler and global entry ID numbers, as well as my credit card information, she said there was nothing they can could do about that. All they could, and would, do was file a "fraud report" when the theft was discovered.
I also had to call the company where my FF miles had been used - the hackers had redeemed my miles to buy a top of the line I Pad, among other things. It took a week to get my miles back, and that's only because I had insisted that Delta call them and put in the record that it was a fraudulent use of the miles.
This is a mess, and Delta is taking no responsibility, even though they know it is a frequent issue. They're just "dealing with it on a case by case basis". How? By locking the account, then washing their hands of it.
Anyone else having this problem?
Then it got messier.
It took 10 days before they finally sent me the email telling me that they had received and verified my information and unlocked my account, and enclosed instructions on how to access my account and change my password.
I couldn't get in. The address that I was required to put in to unlock the account was not the address they had on file. Nothing worked.
Finally, I got a manager to help me. The address that was on file for my account was in the Bronx, a place I had never lived. She gave me that address, I used it to access my account, and discovered that all my mies were gone, and all my personal identification had been changed- my address, my phone number, my email, AND the address on the credit cards I had stored in my wallet.
It took hours on the phone with the manager, and more hours with the credit card company, etc...
But here's the thing: the manager said I was the third person in the last two days that she had helped with this, and that hackers are accessing accounts through Outlook, and they had no way to stop them. She said it's happening often now, and that "they are very good at it".
When I asked her what they intended to do about the fact that someone now had access to (and probably sold) my identification, including my passport, trusted traveler and global entry ID numbers, as well as my credit card information, she said there was nothing they can could do about that. All they could, and would, do was file a "fraud report" when the theft was discovered.
I also had to call the company where my FF miles had been used - the hackers had redeemed my miles to buy a top of the line I Pad, among other things. It took a week to get my miles back, and that's only because I had insisted that Delta call them and put in the record that it was a fraudulent use of the miles.
This is a mess, and Delta is taking no responsibility, even though they know it is a frequent issue. They're just "dealing with it on a case by case basis". How? By locking the account, then washing their hands of it.
Anyone else having this problem?
Jun 18, 2019, 9:10 am
#3
Join Date: Aug 2003
Location: Mesilla, NM
Programs: DL DM 4.7 MM MQM Marriott Ambassador Lifetime Titanium AA CK
Posts: 2,714
But here's the thing: the manager said I was the third person in the last two days that she had helped with this, and that hackers are accessing accounts through Outlook, and they had no way to stop them. She said it's happening often now, and that "they are very good at it".
Jun 18, 2019, 9:15 am
#4
Join Date: Apr 2006
Location: New York
Programs: SPG LT Gold, DL PM 1MM
Posts: 692
Yikes! Terrifying!
Did you have to individually reach out to every place where your miles were used?
I have a 7 digit # of miles so I'm a little worried if they spend that that I'll probably be busy chasing refunds for a while... time to change my password to something stronger...
Did you have to individually reach out to every place where your miles were used?
I have a 7 digit # of miles so I'm a little worried if they spend that that I'll probably be busy chasing refunds for a while... time to change my password to something stronger...
Jun 18, 2019, 9:28 am
#5
FlyerTalk Evangelist
Join Date: Jul 2003
Posts: 23,051
I suspect agent meant that people have been getting access to Delta Skymiles accounts via hacked email accounts (where hacker proceeds to discover Skymiles ID and reset Delta password from the user's email account). Would suggest OP check recent logins into email account if possible and reset email account password.
Jun 18, 2019, 9:57 am
#6
Join Date: Aug 2003
Location: Mesilla, NM
Programs: DL DM 4.7 MM MQM Marriott Ambassador Lifetime Titanium AA CK
Posts: 2,714
I suspect agent meant that people have been getting access to Delta Skymiles accounts via hacked email accounts (where hacker proceeds to discover Skymiles ID and reset Delta password from the user's email account). Would suggest OP check recent logins into email account if possible and reset email account password.
Jun 18, 2019, 10:12 am
#8
Join Date: May 1999
Location: CVG
Programs: DL DM 4MM, Lifetime Marriott Plat Elite, HH Diamond
Posts: 1,429
Sorry, but I DO think Delta has culpability here. They don't even offer two form authentication. And yet, they are storing Credit card, Passport, trusted Traveler numbers and more. A blatant example is getting a BP at the airport from a kiosk, all one needs to know is the Delta Frequent flyer number to access today's travel information. Their system should have immediately sent an email to the OP, and maybe it did and the email account was also hacked. In any case, their systems need to be stronger in today's internet crime spree age.
Jun 18, 2019, 10:17 am
#9
A FlyerTalk Posting Legend
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,404
I just got an email today from DL about an upcoming trip, The message had my FF account number and RDM balance very prominently displayed at the top. If someone were to hack into the email and then get into the FF account using the same password (mine is different), they would have access to the entire FF account, including credit card numbers, birthdate, etc.
Jun 18, 2019, 10:31 am
#10
Join Date: Apr 2019
Location: DEN
Programs: DL DM
Posts: 583
**Disclaimer: this message is directed at everyone and not just the OP**
This is further proof to why you shouldn't store sensitive info online (i.e. passport #s , DL #s , CC #s ) and you should use a different password for every account. I need more info from the OP, but I wouldn't be surprised if his/her email address and password combo had been leaked online from a different breach and the hacker just used those credentials to login to the DL account.
For the OP, I would recommend putting a fraud alert (different from a freeze) on your credit report. You should assume whoever hacked your account has all the info you stored on there.
This is further proof to why you shouldn't store sensitive info online (i.e. passport #s , DL #s , CC #s ) and you should use a different password for every account. I need more info from the OP, but I wouldn't be surprised if his/her email address and password combo had been leaked online from a different breach and the hacker just used those credentials to login to the DL account.
For the OP, I would recommend putting a fraud alert (different from a freeze) on your credit report. You should assume whoever hacked your account has all the info you stored on there.
Jun 18, 2019, 10:43 am
#11
Join Date: Jun 2004
Location: ATL
Programs: Delta PlM, 1M
Posts: 6,363
The email account used to access and vet your valuable on line accounts must be kept secure.
Treat that login as valuable as your bank/broker/... account passwords. And I would never use an office (Office or not) account for this.
Treat that login as valuable as your bank/broker/... account passwords. And I would never use an office (Office or not) account for this.
Jun 18, 2019, 11:57 am
#12
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,336
Microsoft and others make bank selling annual and monthly subscriptions for cloud-based services and none will ever be more secure than storing information on an offline computer that you have in your possession.
Jun 18, 2019, 1:29 pm
#13
Join Date: Sep 2012
Location: Dayton, OH/CVG
Programs: DA Diamond(1 MM), Marriott Bonvoy Ambassador/Charter Ambassador, Hyatt Glob, Hertz Presidents Circle
Posts: 882
Locked Out Of Skymiles Account Due To Security Issue
Same thing happened to me earlier this year. It was a nightmare to get the miles back and, more importantly to me, just top get access to my account. Frustrating process to say the least. I appreciate Delta's vigilance, but the process was so long and involved
good luck. .
Same thing happened to me earlier this year. It was a nightmare to get the miles back and, more importantly to me, just top get access to my account. Frustrating process to say the least. I appreciate Delta's vigilance, but the process was so long and involved
good luck. .
Jun 18, 2019, 2:18 pm
#14
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,231
This has been happening with AAdvantage and HHonors as well, and probably others. One commonality that has been discussed from those in the know relates to people using easy passwords and/or using the same passwords for multiple websites, both big no-nos today.
Jun 18, 2019, 2:19 pm
#15
Join Date: Feb 2019
Programs: AS MVP Gold
Posts: 146
My colleague's Amex account just got hacked. All his UR points were used for Home Depot gift cards. He also uses his linked email account in Outlook so now it looks like a very similar situation. Luckily after he called Amex all his stolen points were restored.