Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Hilton | Hilton Honors
Reload this Page >

Consolidated "Hilton Honors Account Hacked" thread

Consolidated "Hilton Honors Account Hacked" thread

Old Jan 17, 2015, 5:14 pm
  #151  
 
Join Date: Dec 2005
Location: Gteborg Sweden
Programs: SPG GOLD / BA GOLD/Club Carlson Gold/AMEX Plat.
Posts: 1,043
What concerns me is when I ask the rep if this happens alot.. She hestitated and states.. IT happens more then you know.. Perhaps I should now reconsider my stay at the Conrad in Hong Kong..
Flyiboy is offline  
Old Jan 18, 2015, 9:40 am
  #152  
 
Join Date: Feb 2013
Programs: Hilton Diamond
Posts: 4,407
Just a comment on ways people can get your account info. This morning under my door at the Doubletree Ocean Point Miami Beach North was not only a copy of my bill, but also for another Diamond staying a floor lower, a Mr. Augusto S and while his address is not on the bill, his Diamond number is.
Miesque is online now  
Old Jan 18, 2015, 10:29 am
  #153  
 
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 232
> It is not a roque hotspot, it is the way Hilton is doing business now.

Correct.

The fact that Hilton WiFi login even asks for all the info required to seize control of an account ... is simply nuts. Somebody does not understand OPSEC.

Whoever Hilton is paying for I/T security advice does not understand the fundamentals of their job. They should be name'd, shame'd and fire'd. But I do not wish to be unreasonable. I am willing to compromise: They should be fired. The REDACTED BY MOD amateurs.

Last edited by squeakr; Jan 18, 2015 at 8:57 pm Reason: semi profanity
gqZJzU4vusf0Z2,$d7 is offline  
Old Jan 18, 2015, 4:19 pm
  #154  
 
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Hello, hello?
Conrad Hilton are you there?
There appears to be a some significant breaches of your ability to preserve the privacy of your customer's most important data.
Are you there? Are you going to respond?
JohnMacWW is offline  
Old Jan 18, 2015, 8:18 pm
  #155  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 616
I got hacked today for the tune of 225,000 points. Initially I had gotten an email (around 11:30am) saying my address had changed. So I went online and checked and sure enough, there was an address from Singapore on my account (I live in SoCal). I suspected something wrong, so I immediately changed it back to my address, changed my password and called customer service. Their response was that maybe someone had mistakenly given my account number while requesting an address change and since my point total was unchanged, I figured that was probably the case. As a precaution I asked the rep to annotate in my account that any future acct changes or point redemptions should prompt a DOB and PIN request. Then at around 4:30 pm I get another email from HHonors with an order confirmation. It was the redemption of 225,000 points for the two $200 GC's. Called customer service again to report it and was given a case number. Does anyone know if Hilton returns the points and if so, how long will it take?
eknock007 is offline  
Old Jan 19, 2015, 9:19 am
  #156  
FlyerTalk Evangelist
 
Join Date: Jun 2004
Location: MSP
Programs: DL PM, MM, NR; HH Diamond, Bonvoy LT Gold, Hyatt Explorist, IHG Diamond, others
Posts: 12,159
Originally Posted by eknock007
I got hacked today for the tune of 225,000 points. Initially I had gotten an email (around 11:30am) saying my address had changed. So I went online and checked and sure enough, there was an address from Singapore on my account (I live in SoCal). I suspected something wrong, so I immediately changed it back to my address, changed my password and called customer service. Their response was that maybe someone had mistakenly given my account number while requesting an address change and since my point total was unchanged, I figured that was probably the case. As a precaution I asked the rep to annotate in my account that any future acct changes or point redemptions should prompt a DOB and PIN request. Then at around 4:30 pm I get another email from HHonors with an order confirmation. It was the redemption of 225,000 points for the two $200 GC's. Called customer service again to report it and was given a case number. Does anyone know if Hilton returns the points and if so, how long will it take?
Based on what we've seen here, Hilton likely will return the points. I don't know how long it takes; that varies.
sethb is offline  
Old Jan 19, 2015, 10:02 pm
  #157  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 616
Originally Posted by eknock007
I got hacked today for the tune of 225,000 points. Initially I had gotten an email (around 11:30am) saying my address had changed. So I went online and checked and sure enough, there was an address from Singapore on my account (I live in SoCal). I suspected something wrong, so I immediately changed it back to my address, changed my password and called customer service. Their response was that maybe someone had mistakenly given my account number while requesting an address change and since my point total was unchanged, I figured that was probably the case. As a precaution I asked the rep to annotate in my account that any future acct changes or point redemptions should prompt a DOB and PIN request. Then at around 4:30 pm I get another email from HHonors with an order confirmation. It was the redemption of 225,000 points for the two $200 GC's. Called customer service again to report it and was given a case number. Does anyone know if Hilton returns the points and if so, how long will it take?
UPDATE: I got an email today from HHonors Loss Prevention informing me that my points had been restored. They cancel my old account number and created a new for me. Apparently they were able to cancel the GC order in time. Good to see that Hilton is on top of this when people end up of becoming a victim.
eknock007 is offline  
Old Jan 20, 2015, 10:44 am
  #158  
 
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Originally Posted by eknock007
UPDATE: I got an email today from HHonors Loss Prevention informing me that my points had been restored. They cancel my old account number and created a new for me. Apparently they were able to cancel the GC order in time. Good to see that Hilton is on top of this when people end up of becoming a victim.
Can you list the timeline you endured? (I.e. how many days between you alerting Hilton and having a new HH Account with all points restored).

Was your HH account suspended for an intermim period or did they give you a new one immediately? When they gave you a new HH account, how quickly did the then-remaining point balance in your old account get transfered and thus be usable?

Did they just transfer all of your personal data and preferences to the new account or did you have to go in and enter some of it (like CC info or preferences)?
JohnMacWW is offline  
Old Jan 20, 2015, 1:33 pm
  #159  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 616
Originally Posted by JohnMacWW
Can you list the timeline you endured? (I.e. how many days between you alerting Hilton and having a new HH Account with all points restored).

Was your HH account suspended for an intermim period or did they give you a new one immediately? When they gave you a new HH account, how quickly did the then-remaining point balance in your old account get transfered and thus be usable?

Did they just transfer all of your personal data and preferences to the new account or did you have to go in and enter some of it (like CC info or preferences)?
Here is the timeline:

1/18 1:30pm: Email from Hilton indicating I had changed my address. Immediately called Hilton CS to report the incident.

1/18 4:36pm: Email from Hilton with the order confirmation. Called Hilton CS around 6pm to report that 225.0000 points had been stolen and I was given a case number.

1/18 6:17pm. I forwarded the order confirmation email to Hilton Loss Prevention. Got a email acknowledgement right away from Hilton.

1/19 10:50am: received two emails from Hilton Loss Prevention. One indicating I had a new PIN and the other indicating that the order had been canceled and that my points had been restored. Also that a new account number had been created and the old one closed.

The new account seems to have all of my info from my previous account with the exception of stored credit cards. Those I have to add. The whole transfer of info and points happen rather quickly. I had gone into my old account early on the 19th to see if there was any change and everything was still the same. As soon as I got the email from Loss Prevention that I had a new account, I logged into the new account and saw that the original points total had been restored along with most of my personal info. I have not check everything but what matter the most was the points. I tried to log-in to my old account but the log-in was no longer valid.
eknock007 is offline  
Old Jan 20, 2015, 1:57 pm
  #160  
IMH
 
Join Date: Jul 2007
Location: Berlin
Programs: BA Gold; SK Gold; Accor Platinum; IHG Diamond-Amb.; Meli/HH/Bonvoy Gold
Posts: 5,520
Thanks for the comprehensive report. It seems that the Hilton people responsible for resolving these problems are pretty good. Shame the company still hasn't tightened things up to prevent the problems happening in the first place.

Originally Posted by eknock007
The new account seems to have all of my info from my previous account with the exception of stored credit cards. Those I have to add.
I'm probably not alone in thinking that it's better not to store credit card information in your HH profile right now.
IMH is offline  
Old Jan 20, 2015, 3:53 pm
  #161  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 616
Originally Posted by IMH
It seems that the Hilton people responsible for resolving these problems are pretty good.
Yeah I was kind off surprise that it took less than one day to recover the points. I was anticipating weeks of agonizing wait time for any action to occur as far as remedying the situation. The email from Loss Prevention mention that it would take 7-10 business days to review and respond to my issue.
eknock007 is offline  
Old Jan 20, 2015, 6:39 pm
  #162  
 
Join Date: Feb 2013
Location: ANC
Programs: AS; Hyatt; Bonvoy
Posts: 1,718
Originally Posted by IMH

I'm probably not alone in thinking that it's better not to store credit card information in your HH profile right now.
Keep checking back on your credit card information to make sure it stays gone.

I thought deleted my card details after a lengthy process - the system would say my profile was updated and the card details vanished. But the next time I logged in the card information was back again.

So taking trip from others on the forum, I used the app instead of the laptop to delete card information. It seemed to work.

But then after I had a stay at a property I found the card I'd used at that particular hotel was back in my profile. It just kept coming back ...

Now what I've done is added a card number for an account that was recently closed. After my hotel stay next week I'll check to see if that old card is still on file or whether my HHonors card number details have (again) replaced it.
AKCuisine is offline  
Old Jan 21, 2015, 1:37 pm
  #163  
 
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 232
> I thought deleted my card details after a lengthy process - the system
> would say my profile was updated and the card details vanished. But the
> next time I logged in the card information was back again.

Ditto. I'm having the same problem with phone numbers.
gqZJzU4vusf0Z2,$d7 is offline  
Old Jan 21, 2015, 1:46 pm
  #164  
 
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 232
Protect Against Rogue HHONORS Access Points ...

This is a soln that will (only) mitigate the rogue HHONORS access point attack.

Upon check-in, I ask the Front Desk for the WiFi "coupon/code" for the day/week. I use it to login to the WiFi ... without ever entering my HHonors account nbr, PIN and room number.

If I have happened to connect to a rogue HHONORS access point, all they get is the coupon/code for the day/week.
gqZJzU4vusf0Z2,$d7 is offline  
Old Jan 25, 2015, 7:17 am
  #165  
 
Join Date: Apr 2008
Location: Germany, Austria
Programs: IHG Diamond Ambassador, ALL Silver,, Miles&More
Posts: 1,123
I havent been following these thread but I tell you what nervs me:

I can no more automatically sign into my HHonors account, which I usually did on my Envy by HP Simple Pass and fingerprint sensor, have to state "I am not robot" each time I want to sign in, and be able to read and enter those hieroglyphs appearing to show the HHonors system I am not a robot.

My statement: That sux!
submonte is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.