Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Delta Air Lines | SkyMiles
Reload this Page >

Delta FF acct hacked, miles stolen & more

Delta FF acct hacked, miles stolen & more

Old Jun 18, 19, 8:23 am
  #1  
Original Poster
 
Join Date: Jun 2017
Programs: Delta, IHG, Hilton, Hyatt,
Posts: 7
Exclamation Delta FF acct hacked, miles stolen & more

When I went to log on to my Delta FF account , it came back as "locked for security reasons", and I had to send them proof of identity and address, etc. to unlock it. After three days, it was still inaccessible. Calling the Elite Desk got me nowhere, but I did find out that the reason it was locked was that it appeared (according to the agent) that someone had accessed my account and stolen my FF miles.

Then it got messier.

It took 10 days before they finally sent me the email telling me that they had received and verified my information and unlocked my account, and enclosed instructions on how to access my account and change my password.

I couldn't get in. The address that I was required to put in to unlock the account was not the address they had on file. Nothing worked.

Finally, I got a manager to help me. The address that was on file for my account was in the Bronx, a place I had never lived. She gave me that address, I used it to access my account, and discovered that all my mies were gone, and all my personal identification had been changed- my address, my phone number, my email, AND the address on the credit cards I had stored in my wallet.

It took hours on the phone with the manager, and more hours with the credit card company, etc...

But here's the thing: the manager said I was the third person in the last two days that she had helped with this, and that hackers are accessing accounts through Outlook, and they had no way to stop them. She said it's happening often now, and that "they are very good at it".

When I asked her what they intended to do about the fact that someone now had access to (and probably sold) my identification, including my passport, trusted traveler and global entry ID numbers, as well as my credit card information, she said there was nothing they can could do about that. All they could, and would, do was file a "fraud report" when the theft was discovered.

I also had to call the company where my FF miles had been used - the hackers had redeemed my miles to buy a top of the line I Pad, among other things. It took a week to get my miles back, and that's only because I had insisted that Delta call them and put in the record that it was a fraudulent use of the miles.

This is a mess, and Delta is taking no responsibility, even though they know it is a frequent issue. They're just "dealing with it on a case by case basis". How? By locking the account, then washing their hands of it.

Anyone else having this problem?
FlyingNone and sdadept like this.
OWLCAR is offline  
Old Jun 18, 19, 8:35 am
  #2  
 
Join Date: Dec 2002
Location: Washington, DC, Chapel Hill, NC (RDU)
Programs: DL Diam 2MM (2.3), HH Gold, PC Gold, Hyatt Plat
Posts: 5,470
No, but thanks for the heads-up. Sorry for your problems.
mot29 is offline  
Old Jun 18, 19, 9:10 am
  #3  
 
Join Date: Aug 2003
Location: Mesilla, NM
Programs: DL DM 4.6 MM MQM Marriott Ambassador Lifetime Titanium
Posts: 2,627
Originally Posted by OWLCAR View Post
But here's the thing: the manager said I was the third person in the last two days that she had helped with this, and that hackers are accessing accounts through Outlook, and they had no way to stop them. She said it's happening often now, and that "they are very good at it".
Can you provide details on what you mean here?
hnewman is offline  
Old Jun 18, 19, 9:15 am
  #4  
 
Join Date: Apr 2006
Location: New York
Programs: SPG LT Gold, DL DM360 1MM
Posts: 677
Yikes! Terrifying!
Did you have to individually reach out to every place where your miles were used?
I have a 7 digit # of miles so I'm a little worried if they spend that that I'll probably be busy chasing refunds for a while... time to change my password to something stronger...
mayhem is offline  
Old Jun 18, 19, 9:28 am
  #5  
FlyerTalk Evangelist
 
Join Date: Jul 2003
Posts: 19,178
Originally Posted by hnewman View Post
Can you provide details on what you mean here?
I suspect agent meant that people have been getting access to Delta Skymiles accounts via hacked email accounts (where hacker proceeds to discover Skymiles ID and reset Delta password from the user's email account). Would suggest OP check recent logins into email account if possible and reset email account password.
flyer4512 likes this.
xliioper is offline  
Old Jun 18, 19, 9:57 am
  #6  
 
Join Date: Aug 2003
Location: Mesilla, NM
Programs: DL DM 4.6 MM MQM Marriott Ambassador Lifetime Titanium
Posts: 2,627
Originally Posted by xliioper View Post
I suspect agent meant that people have been getting access to Delta Skymiles accounts via hacked email accounts (where hacker proceeds to discover Skymiles ID and reset Delta password from the user's email account). Would suggest OP check recent logins into email account if possible and reset email account password.
Got it. If you get into someones email bad things will happen.
hnewman is offline  
Old Jun 18, 19, 10:00 am
  #7  
 
Join Date: May 2010
Posts: 2,800
Sounds like the problem may be in Outlook not Delta. If so there's not much Delta can do.

They do have an alert about passwords and another to protect your data on their website.
HDQDD likes this.
Orange County Commuter is offline  
Old Jun 18, 19, 10:12 am
  #8  
Marriott Contributor Badge
 
Join Date: May 1999
Location: CVG, DAY, CMH
Programs: DL DM 3MM, HH Diamond, Marriott Plat Elite
Posts: 1,403
Sorry, but I DO think Delta has culpability here. They don't even offer two form authentication. And yet, they are storing Credit card, Passport, trusted Traveler numbers and more. A blatant example is getting a BP at the airport from a kiosk, all one needs to know is the Delta Frequent flyer number to access today's travel information. Their system should have immediately sent an email to the OP, and maybe it did and the email account was also hacked. In any case, their systems need to be stronger in today's internet crime spree age.
SK, DiverDave, wlau and 10 others like this.
DL Platinum is offline  
Old Jun 18, 19, 10:17 am
  #9  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 99,079
I just got an email today from DL about an upcoming trip, The message had my FF account number and RDM balance very prominently displayed at the top. If someone were to hack into the email and then get into the FF account using the same password (mine is different), they would have access to the entire FF account, including credit card numbers, birthdate, etc.
OWLCAR likes this.
MSPeconomist is offline  
Old Jun 18, 19, 10:31 am
  #10  
 
Join Date: Apr 2019
Location: DEN
Programs: DL DM
Posts: 565
**Disclaimer: this message is directed at everyone and not just the OP**
This is further proof to why you shouldn't store sensitive info online (i.e. passport #s , DL #s , CC #s ) and you should use a different password for every account. I need more info from the OP, but I wouldn't be surprised if his/her email address and password combo had been leaked online from a different breach and the hacker just used those credentials to login to the DL account.

For the OP, I would recommend putting a fraud alert (different from a freeze) on your credit report. You should assume whoever hacked your account has all the info you stored on there.
eneq is offline  
Old Jun 18, 19, 10:43 am
  #11  
 
Join Date: Jun 2004
Location: ATL
Programs: Delta PlM, 1M
Posts: 6,206
The email account used to access and vet your valuable on line accounts must be kept secure.

Treat that login as valuable as your bank/broker/... account passwords. And I would never use an office (Office or not) account for this.
exwannabe is offline  
Old Jun 18, 19, 11:57 am
  #12  
 
Join Date: Dec 2018
Location: PHX
Programs: Delta DM, Marriott Lifetime Titanium, HHonrs Diamond
Posts: 1,310
Originally Posted by Orange County Commuter View Post
Sounds like the problem may be in Outlook not Delta. If so there's not much Delta can do.

They do have an alert about passwords and another to protect your data on their website.
Use a desktop email client and have all emails fetched and removed from the server every 1 minute.

Microsoft and others make bank selling annual and monthly subscriptions for cloud-based services and none will ever be more secure than storing information on an offline computer that you have in your possession.
jspira likes this.
FlyBitcoin is offline  
Old Jun 18, 19, 1:29 pm
  #13  
 
Join Date: Sep 2012
Location: Dayton, OH/CVG
Programs: DA Diamond(1 MM), Marriott Bonvoy Ambassador/Charter Ambassador, Hyatt Glob, Hertz Presidents Circle
Posts: 775
Locked Out Of Skymiles Account Due To Security Issue

Same thing happened to me earlier this year. It was a nightmare to get the miles back and, more importantly to me, just top get access to my account. Frustrating process to say the least. I appreciate Delta's vigilance, but the process was so long and involved

good luck. .
OWLCAR likes this.
Ryno1234 is offline  
Old Jun 18, 19, 2:18 pm
  #14  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: NYC
Posts: 25,333
This has been happening with AAdvantage and HHonors as well, and probably others. One commonality that has been discussed from those in the know relates to people using easy passwords and/or using the same passwords for multiple websites, both big no-nos today.
ijgordon is offline  
Old Jun 18, 19, 2:19 pm
  #15  
 
Join Date: Feb 2019
Posts: 46
My colleague's Amex account just got hacked. All his UR points were used for Home Depot gift cards. He also uses his linked email account in Outlook so now it looks like a very similar situation. Luckily after he called Amex all his stolen points were restored.
Agosti is offline  

Thread Tools
Search this Thread