Be carreful : Hackers Selling Compromised Hilton HHonors Accounts Online
As seen on Loyalitylobby :
http://loyaltylobby.com/2014/10/30/h...counts-online/ -> change your password asap ! |
The blogger you quote got the story from the post immediately above yours (and acknowledged that he had done so).
Originally Posted by loyalitiz
(Post 23767877)
change your password asap
|
[QUOTE=IMH;23769720]The blogger you quote got the story from the post immediately above yours (and acknowledged that he had done so).
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.[/QUOTE I've switch over too Marriot never hadp roblem and the hotel staff in each locion is amazing! People need to change there passwords and emails. I've manage found these. http://i.imgur.com/BoZ7QHX.png?1 Here is even one person who has 11 Thousand of are accounts! http://i.imgur.com/Jn7eQD7.png?1 Link in his/her thread, http://gyazo.com/a34601f2c938fe4987f2b071fe29577d |
Just woke up but cannot tell if I am missing points
Embarrasingly, I am not really sure how many points I had (or should have). When I look at All Points Activity in My Account it does not seem to even have a data point for point withdrawals.
How can you look up how points have been used and deducted from your balance? |
Originally Posted by JohnMacWW
(Post 23770934)
Embarrasingly, I am not really sure how many points I had (or should have). When I look at All Points Activity in My Account it does not seem to even have a data point for point withdrawals.
How can you look up how points have been used and deducted from your balance? |
Originally Posted by sethb
(Post 23771135)
Mine shows a certificate issued and a negative number of points associated with that (along with the stay information).
Well then, I have not been hacked (so far) anyway. But weirdly I cannot find my last use of points either. I just changed by pin, but that seems pretty weak. It justs 4 digits. Seems to me that having a password just adds another code to guard that can be hacked (i.e. that there is not really any upside, security-wise, to adding and/or using a password instead of a PIN. |
Yeah, paging HHRepresentative....I'm not quite sure how many points I should have...I did redeem twice in this calendar year and nothing is showing up, only my earnings!
|
I hope my post will help some of you all better secure your accounts and also put some pressure on Hilton to beef up their very flawed security measures.
|
This is one of the most obscure stories I have come across in a while.
1) Thousands and thousands of Hilton accounts get hacked by a simple brute force attack that needs to go through no more than 10000 possible combinations, and there was nothing in the way to stop it 2) Despite numerous reports over the years, Hilton has still not pulled the possibility to exchange Hilton points for giftcards or other reselling goods - that would lower the attraction to Hilton points dramatically for outsiders 3) Despite this being a major security breach ongoing for weeks now, with hard evidence available through online forums, Hilton has not yet commented - there is a huge amounts of personal data available to hackers here (address, stay history, frequent flyer numbers etc) 4) The press/media have not yet picked up on this story 5) To top it all off, one of the hacking forum members turns up (so he/she says), and apologises!!! ...? Anyone with good connections to media in some country? This story has the potential to go global and that should result in sufficient motivation by Hilton to sort their IT security out...! |
Originally Posted by MBS MillionMiler
(Post 23773020)
Yeah, paging HHRepresentative....I'm not quite sure how many points I should have...I did redeem twice in this calendar year and nothing is showing up, only my earnings!
Am I right here? |
Originally Posted by mnredfox
(Post 23775032)
Hmm, I seem to be missing points now (albeit only maybe 200K). Anyway to check? In the old days when you redeem for a reservation you would see it show up in account activity. Now I feel like these days when you book a reservation the points are deducted, but then the activity never shows up until the stay occurs.
Am I right here? |
Originally Posted by MarriotAdovacte
(Post 23770916)
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.[/QUOTE I've switch over too Marriot never hadp roblem and the hotel staff in each locion is amazing! People need to change there passwords and emails.
|
Krebsonsecurity is going to be doing a story on this. I was emailing with him earlier and also clued him on the United pin use also.
|
Mrs. Fredd removed her (Hilton) credit card from her account details and finds it back in her account this morning. :mad:
Judging by the posts to this thread, this could be a wholesale problem. Think of all the Hilton customers who don't monitor their accounts as carefully as FTers. Why hasn't Hilton contacted customers, as SPG did recently after a similar problem? :confused: |
Originally Posted by mnredfox
(Post 23775032)
Hmm, I seem to be missing points now (albeit only maybe 200K). Anyway to check? In the old days when you redeem for a reservation you would see it show up in account activity. Now I feel like these days when you book a reservation the points are deducted, but then the activity never shows up until the stay occurs.
Am I right here? |
All times are GMT -6. The time now is 6:49 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.