Consolidated "Hilton Honors Account Hacked" thread
#392
Join Date: Nov 2010
Posts: 2
A head's up...
I had fraudulent activity on my account overnight - siphoning about 30,000 points in 4 separate transfers. (Of course, I've reported this to Hilton.)
Mid-way thru the night, the fraud also involved an invitation to "Pool" my account with another - it said that I initiated the pooling "invite."
What's VERY interesting, is this activity occurred just barely 24 hours after I called Hilton to open a formal complaint about a specific Hampton property - and about a week after posting negative, but accurate and "constructive" reviews on Trip Advisor, Yelp, and Google.
I've not called Hilton to formally file a complaint in over 10 years - and 24 hours later, I have fraud? Strange coincidence - or rogue employee/manager?
Anyway... Hilton's terms say they're not responsible for replacing the points. However, the agent said it takes 10-14 days for the investigation to occur, and they will replace the points if fraudulent activity occurred.
I cannot find ANY information about rewards program fraud - other than the previous Hilton PIN number fraud a few years ago.
BEWARE
I had fraudulent activity on my account overnight - siphoning about 30,000 points in 4 separate transfers. (Of course, I've reported this to Hilton.)
Mid-way thru the night, the fraud also involved an invitation to "Pool" my account with another - it said that I initiated the pooling "invite."
What's VERY interesting, is this activity occurred just barely 24 hours after I called Hilton to open a formal complaint about a specific Hampton property - and about a week after posting negative, but accurate and "constructive" reviews on Trip Advisor, Yelp, and Google.
I've not called Hilton to formally file a complaint in over 10 years - and 24 hours later, I have fraud? Strange coincidence - or rogue employee/manager?
Anyway... Hilton's terms say they're not responsible for replacing the points. However, the agent said it takes 10-14 days for the investigation to occur, and they will replace the points if fraudulent activity occurred.
I cannot find ANY information about rewards program fraud - other than the previous Hilton PIN number fraud a few years ago.
BEWARE
#393
Join Date: Mar 2017
Programs: HHonors Diamond, SPG, IHG, AA, SWA
Posts: 84
Same thing happened to me today.
Last night, I got an email confirming account activity I did not make. I immediately tried to log in, but they changed my log in credentials. I called the Diamond Desk and they said my points were not touched, so they changed the email back to mine and allowed me to rest my password.
You'd think that was the end of it. But, this morning I received a confirmation of my points activity. I called the Diamond Desk again and they confirmed virtually all of my points were transferred to points.com.
I have no idea how they got into my account but they must have scheduled the transaction right away. The CSR today told me they should have suspended my account when I reported the original fraud to prevent my points from being usable in any capacity.
Hopefully they get it sorted out, but I'm not loping forward to linking my new HH number to Amazon, Lyft, and Amex.
Last night, I got an email confirming account activity I did not make. I immediately tried to log in, but they changed my log in credentials. I called the Diamond Desk and they said my points were not touched, so they changed the email back to mine and allowed me to rest my password.
You'd think that was the end of it. But, this morning I received a confirmation of my points activity. I called the Diamond Desk again and they confirmed virtually all of my points were transferred to points.com.
I have no idea how they got into my account but they must have scheduled the transaction right away. The CSR today told me they should have suspended my account when I reported the original fraud to prevent my points from being usable in any capacity.
Hopefully they get it sorted out, but I'm not loping forward to linking my new HH number to Amazon, Lyft, and Amex.
#395
Join Date: Nov 2004
Location: London
Programs: AA, BA, UAL, NZ, QF, LH, SPG, IHG, HH, Marriott etc etc
Posts: 152
more points.com fraud?
I transferred 75k hilton points between family accounts and redeemed them immediately. two days later i receive an email from [email protected] saying i had bought 75k miles and more Bundle & Go points. Have no idea what this is and i cant find a points.com customer service number. the email also quoted the hilton account number as a miles and more account. Points.com completely broken?
#396
Join Date: Jun 2019
Programs: AS MVPG75K / HIlton Diamond
Posts: 29
I transferred 75k hilton points between family accounts and redeemed them immediately. two days later i receive an email from [email protected] saying i had bought 75k miles and more Bundle & Go points. Have no idea what this is and i cant find a points.com customer service number. the email also quoted the hilton account number as a miles and more account. Points.com completely broken?
#398
Join Date: Feb 2006
Location: GSO/HAM
Programs: UA MM, Hilton Diamond
Posts: 280
Hhonor account hacked
received an email this morning "Your Hilton Honors Points have been redeemed"
I immediately went online since I did not redeem any points. Somebody made reservations for 3 rooms at a Hilton in China. I was able to cancel all 3 reservations, points were redeposited and I changed my password. Is there anything else I should/need to do ??
Thank you
I immediately went online since I did not redeem any points. Somebody made reservations for 3 rooms at a Hilton in China. I was able to cancel all 3 reservations, points were redeposited and I changed my password. Is there anything else I should/need to do ??
Thank you
#399
Join Date: Apr 2010
Posts: 641
How complex is your password? If anything less than 8 characters, of which 2 small letters, 2 big letters, 2 digits and 2 special characters, preferably all non-consecutive, change it again to a more complex one.
Do you have two-factor verification (enhanced security) enabled? If not, do so, it is not a very strong feature but should in principle prevent most actions from new browsers / new locations without prior verification.
If you have a credit card saved in your profile, I would remove it.
Do you have two-factor verification (enhanced security) enabled? If not, do so, it is not a very strong feature but should in principle prevent most actions from new browsers / new locations without prior verification.
If you have a credit card saved in your profile, I would remove it.
#400
A FlyerTalk Posting Legend
Join Date: Jul 2002
Location: MCI
Programs: AA Gold 1MM, AS MVP, UA Silver, WN A-List, Marriott LT Titanium, HH Diamond
Posts: 52,575
I was hacked over the weekend. I received an email that my Honors phone number had been changed and I had linked my account to Amazon. I immediately logged into my account and changed the password, and changed the phone number back. I also called Hilton right away, and was literally on the phone with a rep when I got emails that all of my points had been transferred to Amazon.
To Hilton's credit, they locked the account, opened a fraud case, and restored my account (with a new number) and points within 3 days. Unclear if they ever canceled the Amazon orders, but this appears to be the new MO for hackers: instantly get the points out of HH, not just attached to a hotel stay that the account holder might notice before check-in.
I now have 2FA set up - but honestly didn't even know that was an option until yesterday. Marriott automatically enabled 2FA some time ago; with Hilton you still have to go deep into your profile and find the option.
I've always used complicated passwords, but I doubt the scammers are brute-forcing password guesses to begin with. They got the password and number somehow. I travel a lot and try to only connect to reputable / known Wifi but obviously my info got out there somehow.
To Hilton's credit, they locked the account, opened a fraud case, and restored my account (with a new number) and points within 3 days. Unclear if they ever canceled the Amazon orders, but this appears to be the new MO for hackers: instantly get the points out of HH, not just attached to a hotel stay that the account holder might notice before check-in.
I now have 2FA set up - but honestly didn't even know that was an option until yesterday. Marriott automatically enabled 2FA some time ago; with Hilton you still have to go deep into your profile and find the option.
I've always used complicated passwords, but I doubt the scammers are brute-forcing password guesses to begin with. They got the password and number somehow. I travel a lot and try to only connect to reputable / known Wifi but obviously my info got out there somehow.
#401
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold, AS MVPG100K, OW Emerald, HH Lifetime Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,490