My account was hacked this morning, 8/27/17. Similar to what others have reported, 36K points were transferred to a Chinese name (Ocean Cao), with no indication of the deduction in my Hilton activity. No details of my Hilton account had been changed.

This happened to me as well, likely sometime within the past week. Nothing is listed in the activity history, no notification sent out that information was changed on my account. Basically I only noticed this because I logged in and knew my points balance had decreased, and saw that some of the contact info got changed. Called in and was told it would be referred to the fraud department but may take up to 10 days.

This happened to be on August 6th. I saw the email when I woke up in the morning on the 7th and immediately called. Something like 120k points were transferred. Like everyone, was told it would take 14 days. I didn't know if they meant business days or actual days, but both has passed so I called today and was told to email fraud protection. Sounds like they are very non responsive so that is unfortunate. If I don't hear back in the next couple of days I was try twitter since this is going on a month now.

Just received a marketing email asking how would I spend my points, and the amount it showed was how many points I had prior to the theft. I'd wondered if it could get fixed this quickly...I logged in and it only showed a few hundred points, so answer being no. Even the emails they sent out are wrong. I'll wait a couple weeks and if nothing changes, probably do the same thing in reaching out on social media.

Well, they actually resolved that quickly after I emailed them. They setup a new account and all my points were back. All stays, etc. were the same as my old account.

So my account got hacked for 68k points, took multiple phone calls and over 3 weeks and they finally got back to me and openned a new account with the points. But what's frustrating is that each step someone tells you something different!!

"Hilton Honors Points Transfer Confirmation" - half a million points stolen
 

on 20th August, I received two emails, one with the subject above and saying

"You've successfully transferred
Hilton Honors Points.
Confirmation number: 2961-6570-8656-0420-6767
Deposit date: 08/20/2017
Points Deposited to: ZHANG KEMP
....

Your Hilton Honors account and Points balance have been updated to reflect this deposit."

the second

"POINTS REDEMPTION ACTIVITY NOTICE

Dear xxxx,

Thank you for your loyalty to Hilton! This is a courtesy message to confirm the point redemption activity on your Hilton Honors account. You may verify the specific activity and any changes made during the transaction by accessing your account on-line via Hilton Honors.

Your privacy is important to us, if you did not authorize the point redemption on your account or any changes during the transaction, please contact Hilton Honors at 1-800-446-6677 to speak with a customer service representative."

since I had NOT authorised the redemption to Mr or Ms Kemp, on seeing the emails the day after I immediately got in contact with Hilton.

I am still waiting for them to get back to me, despite of my chasing them up - they told me in a return email that "it may take up to 10 business days to finalize it . Please rest assured that every step will be taken to resolve this case and the relevant team will contact you directly.

You are also very welcome to contact our Hilton Honors fraud protection team at [email protected]"

the fact is, I had emailed the blasted fraud protection team and they did not bother to answer.

grrrrr. I would have thought that calling me 10 days ago might have helped.

what the heck is points.com? why are the fraud protection team not getting in touch?

is it worth my bothering to get to HHonors diamond status again, considering that the chain couldn't give a monkey's about my comfort, security, perks etc.?

answers on a postcard, please, to PO box...

Signed: Fuming in the UK.

For transfers into another loyalty program, companies like Hilton use points.com to complete the transfer.

As to why you haven't been contacted, keep in mind that it hasn't been 10 business days yet. That deadline would be end of business today. If you don't get a response today, I'd wait until Tuesday and then contact them again. (Monday is a holiday.)

Just had the same happen to me - 95k points stolen overnight through a points.com transaction. Said it would take 2 weeks to restore, which is crazy. Noticed because they changed my email to one that looked almost identical to my email - which sent me the notice.

Account hacked details (on 9/5/2017):

About two days ago received email that something is changed. Logged in and noticed they added one alphabet to my email, no other changes ([email protected] instead of abcdef).

I changed back my email, and changed my password.

Now, two days later, account locked out (too many login attempts), and calling the hilton phone line, I find that my email has been changed yet again to someone else's email. How they found out my second password, not sure, but admittedly I have been using a lot of public/airport-lounge wifi in the last few days (because I'm travelling on the road).

Again so far no activity besides having my email changed and too many login attempts.

I have ~50k points sitting, plus a number of reservations. This makes me want to speculatively book a ~50k booking so my points balance is too low for someone to instantly transfer out stuff to points.com without cancelling a hotel booking and that cancellation email hopefully alerting me.

Fake Booking & Point Pooling
 

Back in late June someone made a points booking at a Chinese hotel for 87K points, immediately cancelled it, and 24 hours later transferred 90k points into another account under the name "WANG YANG". It's almost like they were testing to see if I had enough points to handle the transfer or something.

Very strange.

Hilton Account HACK - Attempted unauthorized point transfer
 

Just wanted to let people know about an attempted point transfer that someone named "yongzhi shi" tried to transfer from my Honors account.

First things first, my password was very strong and I am worried as to how this was able to happen. I have been involved in a number of the hacking events that have made the news, most recently the Equifax debacle. I am now in the process of changing passwords (again), doing fraud victim statements (again) and considering changing all my user names.

Today, I received an email entitled "Hilton Honors Points Purchase Canceled". In it, it said that my "transaction" yesterday of transferring almost my whole point balance "could not be completed". It said that my credit card was not charged.

When I logged into my account, my point balance was 600-some points with a "POINTS.COM TRANSFER" transaction that cleaned out my points. I also noticed that my email address was changed to a "vip.net" domain, same user name.

I immediately called AmEx to cancel my Hilton AmEx card (which was on my Hilton account) and get a new one. I then called Hilton to report on what happened. They assured me I would get my points back. However, the Diamond desk CSR and the person that "helped" me with my email address change (which I could have done myself) seemed really unconcerned about the whole thing. They remarked that "I should change my password." (well, yeah!) I even had to ask if they wanted the person's name and account number that attempted the transfer since I had that information. "Oh, yes". They later said that "This is exactly what we need." :confused: It was very odd. I asked what they could do to make sure it didn't happen again and I was told "Oh, we have very strong security measures in place." Um, ok, I suppose since they cancelled the transfer, but their attitude certainly did not give me any measure of confidence.

Just a heads up to everyone to watch their accounts. Hopefully it is a one-off situation but I don't know how or why this happened or what enabled this to occur. I will follow up as I find out anything more.

Keep in mind that the person with which you spoke has absolutely nothing to do with the investigation. The department that researches the fraud will certainly contact you if they require specific information from you.

Certainly, agents should express more empathy.

I was also hacked. Almost my whole balance was transferred using a points.com transfer. I also noticed that my email address was changed to a "vip.net" domain, same user name.

I only found out today because Hilton sent me an email to my real email (I don't know how since it was replaced with the other one) saying the transaction was not completed, but it showed me the person's name ("yongzhi shi") and their account number. It also said that my credit card (AmEx Hilton) was not charged so I don't know if the person tried to use my CC or what. The points are still gone, though. CSR didn't give me a timeline on rebanking the points, just said I would definitely get them back. I gave them the name and account number of the person. User name and password changed. CSR re-added my email back (which I could have done - they also forgot to delete the other email!!! :mad:). New AmEx Hilton card on way. I guess I need to have my account number changed too...

I started another thread on this only to find that this has been happening for years. Rinse, repeat. What the hell Hilton?? I hope I get them back...

rule #1 .. ring don't email for something like this. skype gives you free calls to HH USA number (but not UK ! )