Consolidated "Hilton Honors Account Hacked" thread
Aug 1, 2017, 3:12 pm
#316
Join Date: Dec 2016
Posts: 246
It's not wise for companies to publish how their systems were hacked. Even if they plug that one hole it leads people to believe they are lax in security and hackers will try other avenues. How they recover from the hacks tells how much they appreciate their customers. Some systems will that many weeks to research the situation and if they have the ability to point the finger at the customer being behind the loss, they will deny restoring the points.
With many sites now using an email address as the account name, it's not far fetched to think the user will use their email password for access. This causes a cascading failure should they get hacked. Personally, I use separate addresses for each account even if it's not the username so I can see who's feeding my address to spammers.
With many sites now using an email address as the account name, it's not far fetched to think the user will use their email password for access. This causes a cascading failure should they get hacked. Personally, I use separate addresses for each account even if it's not the username so I can see who's feeding my address to spammers.
I wasn't suggesting a detailed explanation of the weakness that was exploited. Instead, a general notice that it appears some accounts were broken into and that members should check their accounts, change email addresses, etc would be prudent. (In my opinion disclosure to clients that data or assets has been stolen really should be mandated by law.)
Aug 3, 2017, 6:59 am
#317
Join Date: Oct 2008
Location: Austin, TX
Programs: United Mileage Plus, Hilton Honors, Priority Club, Hyatt Platinum
Posts: 55
Hilton Honors FRAUD - Points, Transfers, Pooling
A head's up...
I had fraudulent activity on my account overnight - siphoning about 30,000 points in 4 separate transfers. (Of course, I've reported this to Hilton.)
Mid-way thru the night, the fraud also involved an invitation to "Pool" my account with another - it said that I initiated the pooling "invite."
What's VERY interesting, is this activity occurred just barely 24 hours after I called Hilton to open a formal complaint about a specific Hampton property - and about a week after posting negative, but accurate and "constructive" reviews on Trip Advisor, Yelp, and Google.
I've not called Hilton to formally file a complaint in over 10 years - and 24 hours later, I have fraud? Strange coincidence - or rogue employee/manager?
Anyway... Hilton's terms say they're not responsible for replacing the points. However, the agent said it takes 10-14 days for the investigation to occur, and they will replace the points if fraudulent activity occurred.
I cannot find ANY information about rewards program fraud - other than the previous Hilton PIN number fraud a few years ago.
BEWARE
I had fraudulent activity on my account overnight - siphoning about 30,000 points in 4 separate transfers. (Of course, I've reported this to Hilton.)
Mid-way thru the night, the fraud also involved an invitation to "Pool" my account with another - it said that I initiated the pooling "invite."
What's VERY interesting, is this activity occurred just barely 24 hours after I called Hilton to open a formal complaint about a specific Hampton property - and about a week after posting negative, but accurate and "constructive" reviews on Trip Advisor, Yelp, and Google.
I've not called Hilton to formally file a complaint in over 10 years - and 24 hours later, I have fraud? Strange coincidence - or rogue employee/manager?
Anyway... Hilton's terms say they're not responsible for replacing the points. However, the agent said it takes 10-14 days for the investigation to occur, and they will replace the points if fraudulent activity occurred.
I cannot find ANY information about rewards program fraud - other than the previous Hilton PIN number fraud a few years ago.
BEWARE
Aug 4, 2017, 12:24 pm
#319
Join Date: Aug 2017
Posts: 3
My HHonors account was hacked last Thursday (over a week ago). Over 300k points transferred. Hilton sent an email at 5:30 in the morning to notify me of an email change (they had my phone number....). The agent said it would be resolved in 3 to 5 days, and my points would be put back. That was 8 days ago. 3 days ago when i called to check on the case, the agent told me to email HHfraud, which I did, with no response. Yesterday, the agent said their manager would contact me, which they have not. Today, I'm being told a "supervisor" will contact me within 24 hours...Not holding my breath....I've been a loyal Hilton guy for years, even though my coworkers try to switch me to Marriott.
Obviously, Hilton doesn't care. I wonder if American Express cares that they lose a member (hhonors Amex user), when I switch to Marriott and a Marriott Visa?...
Obviously, Hilton doesn't care. I wonder if American Express cares that they lose a member (hhonors Amex user), when I switch to Marriott and a Marriott Visa?...
Aug 4, 2017, 3:00 pm
#320
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
is this happening with any of the other hotel companies?
hgblues, if huge business spend on hilton amex, amex may help, there were reports on FT of amex helping get (other kinds of) resolution with loyalty programs
hgblues, if huge business spend on hilton amex, amex may help, there were reports on FT of amex helping get (other kinds of) resolution with loyalty programs
Aug 7, 2017, 4:34 am
#321
Join Date: Dec 2002
Location: SAN and before that...EWR....AA EXP (3MM)..HH LIFETIME DIAMOND..AVIS PREFERRED PLUS
Posts: 678
Hacked Hilton Account
Checked my Hilton account on Saturday (8/5) only to discover that my balance had shrunk by 500K. Seems someone transferred out two chunks of 250K into points.com !! 
After an hour on the phone with the Diamond Desk, was told to wait 14 business days for the "results" of their investigation. Anyone have any experience with this? Stealing is my biggest pet peeve!
After an hour on the phone with the Diamond Desk, was told to wait 14 business days for the "results" of their investigation. Anyone have any experience with this? Stealing is my biggest pet peeve!
Aug 7, 2017, 7:48 am
#322
Join Date: Nov 2008
Location: Snohomish, WA
Programs: AS MVP Gold, HHonors Diamond
Posts: 2,796
Aug 7, 2017, 12:15 pm
#323
Join Date: Apr 2013
Location: NYC
Programs: Delta, Marriott, Starwood, Hilton
Posts: 2
Same here with Points.com
Hi all. Long time lurker. First time poster.
My wife had the same issue. Points.com transferred a ton of her HH points out. The email and phone had been changed. HH agent on phone said 10 business days to get it resolved but we are closer to 15 right now.
Odd, that I'm seeing a lot of similar posts here about the issue, but really nothing elsewhere (unless I'm missing something).
My wife had the same issue. Points.com transferred a ton of her HH points out. The email and phone had been changed. HH agent on phone said 10 business days to get it resolved but we are closer to 15 right now.
Odd, that I'm seeing a lot of similar posts here about the issue, but really nothing elsewhere (unless I'm missing something).
Aug 7, 2017, 2:02 pm
#324
FlyerTalk Evangelist
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Hi all. Long time lurker. First time poster.
My wife had the same issue. Points.com transferred a ton of her HH points out. The email and phone had been changed. HH agent on phone said 10 business days to get it resolved but we are closer to 15 right now.
Odd, that I'm seeing a lot of similar posts here about the issue, but really nothing elsewhere (unless I'm missing something).
My wife had the same issue. Points.com transferred a ton of her HH points out. The email and phone had been changed. HH agent on phone said 10 business days to get it resolved but we are closer to 15 right now.
Odd, that I'm seeing a lot of similar posts here about the issue, but really nothing elsewhere (unless I'm missing something).
I like it when sites send emails to both previous and new accounts to announce the change. Only way some of these events get trapped.
Aug 7, 2017, 11:00 pm
#327
Join Date: Nov 2013
Posts: 4,374
I got an email from [email protected], subject "Hilton Honors Points Transfer Receipt."
Entire point balance siphoned into a recipient account bearing a Chinese name.
I logged into hilton.com and don't see any activity. Personal info (email, phone) not changed. Any clue how this could have happened? What does points.com require to initiate a transfer?
Entire point balance siphoned into a recipient account bearing a Chinese name.
I logged into hilton.com and don't see any activity. Personal info (email, phone) not changed. Any clue how this could have happened? What does points.com require to initiate a transfer?
Aug 8, 2017, 7:00 am
#328
Join Date: Dec 2015
Posts: 60
My HHonors account was hacked last Thursday (over a week ago). Over 300k points transferred. Hilton sent an email at 5:30 in the morning to notify me of an email change (they had my phone number....). The agent said it would be resolved in 3 to 5 days, and my points would be put back. That was 8 days ago. 3 days ago when i called to check on the case, the agent told me to email HHfraud, which I did, with no response. Yesterday, the agent said their manager would contact me, which they have not. Today, I'm being told a "supervisor" will contact me within 24 hours...Not holding my breath....I've been a loyal Hilton guy for years, even though my coworkers try to switch me to Marriott.
Obviously, Hilton doesn't care. I wonder if American Express cares that they lose a member (hhonors Amex user), when I switch to Marriott and a Marriott Visa?...
Obviously, Hilton doesn't care. I wonder if American Express cares that they lose a member (hhonors Amex user), when I switch to Marriott and a Marriott Visa?...
Aug 8, 2017, 9:15 am
#329
Join Date: Sep 2015
Location: flyover country
Posts: 2,435
Not doing this makes no sense. It should be completely automatic, and probably even include a link or code in the email to the old address that lets the recipient indicate that the change was not authorized, along with a time delay before the change becomes effective. This would allow for the situation where the account holder cannot access email at the old address, but still provide a simply executed protection against hackers.
Aug 8, 2017, 9:43 am
#330
Join Date: Oct 2000
Location: Seattle WA, USA
Programs: Hilton Diamond, Marriott LT Plat, AS Lounge
Posts: 3,478
I'm checking my account more frequently now to make sure my points are still there and have noticed that I'm encountering captcha almost every time. Yesterday I had to go through 3 rounds of clicking on stuff before it would let me through. Am wondering if increased captcha challenges are part of Hilton's response to the hacking.