I wasn't suggesting a detailed explanation of the weakness that was exploited. Instead, a general notice that it appears some accounts were broken into and that members should check their accounts, change email addresses, etc would be prudent. (In my opinion disclosure to clients that data or assets has been stolen really should be mandated by law.)

Hilton Honors FRAUD - Points, Transfers, Pooling
 

A head's up...

I had fraudulent activity on my account overnight - siphoning about 30,000 points in 4 separate transfers. (Of course, I've reported this to Hilton.)

Mid-way thru the night, the fraud also involved an invitation to "Pool" my account with another - it said that I initiated the pooling "invite."

What's VERY interesting, is this activity occurred just barely 24 hours after I called Hilton to open a formal complaint about a specific Hampton property - and about a week after posting negative, but accurate and "constructive" reviews on Trip Advisor, Yelp, and Google.

I've not called Hilton to formally file a complaint in over 10 years - and 24 hours later, I have fraud? Strange coincidence - or rogue employee/manager?

Anyway... Hilton's terms say they're not responsible for replacing the points. However, the agent said it takes 10-14 days for the investigation to occur, and they will replace the points if fraudulent activity occurred.

I cannot find ANY information about rewards program fraud - other than the previous Hilton PIN number fraud a few years ago.

BEWARE

was there fraud other than the pin fraud?

My HHonors account was hacked last Thursday (over a week ago). Over 300k points transferred. Hilton sent an email at 5:30 in the morning to notify me of an email change (they had my phone number....). The agent said it would be resolved in 3 to 5 days, and my points would be put back. That was 8 days ago. 3 days ago when i called to check on the case, the agent told me to email HHfraud, which I did, with no response. Yesterday, the agent said their manager would contact me, which they have not. Today, I'm being told a "supervisor" will contact me within 24 hours...Not holding my breath....I've been a loyal Hilton guy for years, even though my coworkers try to switch me to Marriott.

Obviously, Hilton doesn't care. I wonder if American Express cares that they lose a member (hhonors Amex user), when I switch to Marriott and a Marriott Visa?...

is this happening with any of the other hotel companies?

hgblues, if huge business spend on hilton amex, amex may help, there were reports on FT of amex helping get (other kinds of) resolution with loyalty programs

Hacked Hilton Account
 

Checked my Hilton account on Saturday (8/5) only to discover that my balance had shrunk by 500K. Seems someone transferred out two chunks of 250K into points.com !! :mad::mad:
After an hour on the phone with the Diamond Desk, was told to wait 14 business days for the "results" of their investigation. Anyone have any experience with this? Stealing is my biggest pet peeve!

Same here with Points.com
 

Hi all. Long time lurker. First time poster.
My wife had the same issue. Points.com transferred a ton of her HH points out. The email and phone had been changed. HH agent on phone said 10 business days to get it resolved but we are closer to 15 right now.

Odd, that I'm seeing a lot of similar posts here about the issue, but really nothing elsewhere (unless I'm missing something).

I'd bet on someone got into a system that exposed passwords and they've been trying many different systems. There are many that only use the same password on several sites so breaking one gives access to many. I'd be checking other accounts to see if they have be compromised.

I like it when sites send emails to both previous and new accounts to announce the change. Only way some of these events get trapped.

It's seems, that freezing points in reservation could be a good option? Do hackers cancel existing reservations to transfer points out?

Account fixed ! The Hilton Rep on the flyertalk.com forum was able to do something that 3 phone calls, 2 emails, and over a week of being locked down, couldnt do.

Hats off to flyertalk.com and the Hilton Rep monitoring this forum. Thanks!

I got an email from [email protected], subject "Hilton Honors Points Transfer Receipt."

Entire point balance siphoned into a recipient account bearing a Chinese name.

I logged into hilton.com and don't see any activity. Personal info (email, phone) not changed. Any clue how this could have happened? What does points.com require to initiate a transfer?

Yeah I was hacked last Monday too. I only lost 51K, but I am also still waiting for any sort of response. I emailed HH fraud as well. Sounds like there might be a large backlog of these fraud cases based on the recent uptick in this thread's activity. Hopefully we will get a resolution soon.

Not doing this makes no sense. It should be completely automatic, and probably even include a link or code in the email to the old address that lets the recipient indicate that the change was not authorized, along with a time delay before the change becomes effective. This would allow for the situation where the account holder cannot access email at the old address, but still provide a simply executed protection against hackers.

I'm checking my account more frequently now to make sure my points are still there and have noticed that I'm encountering captcha almost every time. Yesterday I had to go through 3 rounds of clicking on stuff before it would let me through. Am wondering if increased captcha challenges are part of Hilton's response to the hacking.