To be fair, going off another recent thread here about loss prevention that isn't the be all and end all of the game.

You could consider going above loss prevention to the top and seeing what the bosses can do about it.

Exactly, and this isn't garden-variety victim-blaming. It would take a pretty large feat of good will for them to believe that you weren't complicit in the matter, given that you didn't pursue any recourse when the event actually happened, even after they gave you notice - which you acknowledge receiving.

New member, no location shown, strange and pretty implausible story.

Let me run it thru www.snopes.com!

+1 , the not contacting them after getting their email will be the knife in the OPs back. The OP can try going up the ladder but if the pts were earned from the CCs and not stays then I doubt HH will be willing to do anything If the OP had Diamond or Gold from stays then maybe a bone will thrown their way. Too much info not supplied to make a qualified guess

I didn't found out about the email until I found an email notification in December. It wasn't that I discovered the email in October and did nothing about for 6 weeks.

Lost Prevention should have all the logs and activities of the account. Couldn't the Lost Prevention look at the activity and make a reasonable judgment that the account was hacked?

Sorry, but this comment contributes nothing. But I understand you're skeptical because of my profile. Some people would just create new profile to create story or troll.

What do you expect log-in activity to say? Log-ins from different parts of the world? Many Honors members travel frequently and legitimately use VPNs, same as the criminals. They probably also get millions of brute force log-in requests daily, so digging through that to find one Honors member is unlikely to be productive.

You also don't mention whether you are a long-time member with lots of stays over the years, or whether you only accumulated points through recent credit card churning and didn't even get around to spending the points on yourself. All of these things help paint a picture of whether you are a regular guest who just got hacked, or whether you are somebody who Honors doesn't mind having as an ex-member.

And, for what it's worth, Flyertalk tends to be much more sympathetic towards frequent, long-time posters as opposed to people whose first post is a complaint against a company. There are dozens of sign-ups whose first and only post is to rant about something.

How do you know what the hacker did to access your profile? If your login and security info is easy to guess, they could've simply gotten into your account after one or two attempts. That sort of activity wouldn't indicate anything unusual.

If you didn't log in for several weeks, yet the other person logged in several times from the same system/phone/IP address, it would make it appear that YOUR login was the one that is unusual, and you could be the hacker!

HHonors Account Hacked and Miles Stolen
 

Woke up this morning to an email that I had transferred all but 9,000 of my points to someone else's HHonors account. They must have gotten my username / password somehow. I am pretty on the ball when it comes to online security so I'm a bit concerned. Diamond desk rep said it would take 7-10 business days to get the points back. :confused:

It could also be a case of someone at Hilton fat fingering an HH# for a legitimate transfer for another customer. A couple of weeks ago I was on the phone with a rep for my credit union trying to set up an online id for an account I have with my mother. I gave her the login I wanted to use and she set it up, gave me a temp password and when I went to create a permanent password someone else's phone number came up in the profile. I questioned what the phone number was and she realized that she had set up the id on someone else's account. It's crazy that I was that close to logging into someone else's bank account.

I agree -- particularly because 150k points are only good for something like 3 to 5 free nights.

Bob H

Hacked - points withdrawn
 

I am so frustrated. Knew you guys would understand. Over 100k points withdrawn in three transactions in one day. They changed my email and phone number under profile. I now have a case number, but they won't have any answers for several days. I discovered it when I logged in to book a stay at the beach.

Sorry to hear about your experience, particularly with an expectation to book. :(

One point to consider to minimize the chances of this happening again is to ensure the machines you use to log into your account have up to date internet security suites (typically anti-virus plus anti-malware plus extras). In addition, also consider the "strength" of your password - is it something that is fairly easy to figure out from the perspective of a hacker with bad intentions? Finally, always be wary of someone trying to trick you into giving up your credentials by spoofing a fake Hilton email or website.

BTW, loved the signature fscher! Did you see the news report the other day regarding the meth lab and golf cart chop shop ring that was broken up at the Villages? Those retirees know how to live it up down there!! Haha

Woke up yesterday morning to find a message that my HHonors email was changed at 2AM. Logged in to my account and, surely enough, my points balance decreased by 233,000 but no new activities were listed yet. Called customer service and they opened up 2 tickets (apparently there were 2 separate points.com transfers). I was told that someone will get in touch with me within 2-3 days. We'll see what happens.

It's strange that my password has not been changed and not all available points have been transferred out. I am wondering if this might be an inside job.

Your password is not needed to gain access to your Honors account and the points in it. Anybody we can call, give your name, plus two of: your phone number; your email or your honors account can do what they want with your account.

The bad guys are doing their happy dance at the prospect that soon Honors points will be able to be used for anything on amazon.com and there do not appear to be any plans to make security on Honors accounts any more robust.