Consolidated "Hilton Honors Account Hacked" thread
Oct 31, 2014, 4:45 am
#76
Suspended
Join Date: Oct 2014
Location: France
Programs: HH Diamond
Posts: 5
Be carreful : Hackers Selling Compromised Hilton HHonors Accounts Online
As seen on Loyalitylobby :
http://loyaltylobby.com/2014/10/30/h...counts-online/
-> change your password asap !
http://loyaltylobby.com/2014/10/30/h...counts-online/
-> change your password asap !
Oct 31, 2014, 11:27 am
#77
Join Date: Jul 2007
Location: Berlin
Programs: BA Gold; Accor Plat; IHG Diamond-Amb; Meliá & HH & Marriott Gold
Posts: 5,450
The blogger you quote got the story from the post immediately above yours (and acknowledged that he had done so).
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.
Oct 31, 2014, 2:41 pm
#78
Join Date: Oct 2014
Posts: 2
[QUOTE=IMH;23769720]The blogger you quote got the story from the post immediately above yours (and acknowledged that he had done so).
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.[/QUOTE I've switch over too Marriot never hadp roblem and the hotel staff in each locion is amazing! People need to change there passwords and emails.
I've manage found these.
Here is even one person who has 11 Thousand of are accounts!
Link in his/her thread, http://gyazo.com/a34601f2c938fe4987f2b071fe29577d
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.[/QUOTE I've switch over too Marriot never hadp roblem and the hotel staff in each locion is amazing! People need to change there passwords and emails.
I've manage found these.
Here is even one person who has 11 Thousand of are accounts!
Link in his/her thread, http://gyazo.com/a34601f2c938fe4987f2b071fe29577d
Oct 31, 2014, 2:43 pm
#79
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Just woke up but cannot tell if I am missing points
Embarrasingly, I am not really sure how many points I had (or should have). When I look at All Points Activity in My Account it does not seem to even have a data point for point withdrawals.
How can you look up how points have been used and deducted from your balance?
How can you look up how points have been used and deducted from your balance?
Oct 31, 2014, 3:19 pm
#80
FlyerTalk Evangelist
Join Date: Jun 2004
Location: MSP
Programs: DL PM, MM, NR; HH Diamond, Bonvoy LT Gold, Hyatt Explorist, IHG Diamond, others
Posts: 12,159
Mine shows a certificate issued and a negative number of points associated with that (along with the stay information).
Oct 31, 2014, 3:27 pm
#81
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Well then, I have not been hacked (so far) anyway. But weirdly I cannot find my last use of points either.
I just changed by pin, but that seems pretty weak. It justs 4 digits. Seems to me that having a password just adds another code to guard that can be hacked (i.e. that there is not really any upside, security-wise, to adding and/or using a password instead of a PIN.
Nov 1, 2014, 3:31 am
#82
Used to be MBS PremExec
Join Date: Sep 2000
Location: Saginaw, MI (MBS)
Programs: UA 1K 1.9MM, Marriott Titanium w/Lifetime Plat, Hilton LIfetime ♢, National Exec, Amex Plat
Posts: 5,722
Yeah, paging HHRepresentative....I'm not quite sure how many points I should have...I did redeem twice in this calendar year and nothing is showing up, only my earnings!
Nov 1, 2014, 10:28 am
#84
Join Date: Jan 2012
Programs: HH Diamond
Posts: 695
This is one of the most obscure stories I have come across in a while.
1) Thousands and thousands of Hilton accounts get hacked by a simple brute force attack that needs to go through no more than 10000 possible combinations, and there was nothing in the way to stop it
2) Despite numerous reports over the years, Hilton has still not pulled the possibility to exchange Hilton points for giftcards or other reselling goods - that would lower the attraction to Hilton points dramatically for outsiders
3) Despite this being a major security breach ongoing for weeks now, with hard evidence available through online forums, Hilton has not yet commented - there is a huge amounts of personal data available to hackers here (address, stay history, frequent flyer numbers etc)
4) The press/media have not yet picked up on this story
5) To top it all off, one of the hacking forum members turns up (so he/she says), and apologises!!! ...?
Anyone with good connections to media in some country? This story has the potential to go global and that should result in sufficient motivation by Hilton to sort their IT security out...!
1) Thousands and thousands of Hilton accounts get hacked by a simple brute force attack that needs to go through no more than 10000 possible combinations, and there was nothing in the way to stop it
2) Despite numerous reports over the years, Hilton has still not pulled the possibility to exchange Hilton points for giftcards or other reselling goods - that would lower the attraction to Hilton points dramatically for outsiders
3) Despite this being a major security breach ongoing for weeks now, with hard evidence available through online forums, Hilton has not yet commented - there is a huge amounts of personal data available to hackers here (address, stay history, frequent flyer numbers etc)
4) The press/media have not yet picked up on this story
5) To top it all off, one of the hacking forum members turns up (so he/she says), and apologises!!! ...?
Anyone with good connections to media in some country? This story has the potential to go global and that should result in sufficient motivation by Hilton to sort their IT security out...!
Nov 1, 2014, 1:32 pm
#85
FlyerTalk Evangelist & Ambassador: China
Join Date: Aug 2005
Location: DEN
Programs: DL DM/MM, UA 1K, AA Exp, HH Dia, WOH Glob, IHG Plat, Marriott Gold, NA EE, Hertz PC
Posts: 17,423
Am I right here?
Nov 1, 2014, 2:26 pm
#86
Join Date: Oct 2014
Posts: 2
Hmm, I seem to be missing points now (albeit only maybe 200K). Anyway to check? In the old days when you redeem for a reservation you would see it show up in account activity. Now I feel like these days when you book a reservation the points are deducted, but then the activity never shows up until the stay occurs.
Am I right here?
Am I right here?
Nov 1, 2014, 3:39 pm
#87
Join Date: Nov 2013
Programs: HH Diamond, IHG Spire, Marriott Gold, AA Plat. Pro
Posts: 400
Changing passwords won't deactivate the PINs that -- as far as I can tell -- are a means to access all HHonors accounts regardless of any settings users change.[/QUOTE I've switch over too Marriot never hadp roblem and the hotel staff in each locion is amazing! People need to change there passwords and emails.
Nov 2, 2014, 6:03 am
#89
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold, AS MVPG100K, OW Emerald, HH Lifetime Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,490
Mrs. Fredd removed her (Hilton) credit card from her account details and finds it back in her account this morning. 
Judging by the posts to this thread, this could be a wholesale problem. Think of all the Hilton customers who don't monitor their accounts as carefully as FTers.
Why hasn't Hilton contacted customers, as SPG did recently after a similar problem?
Judging by the posts to this thread, this could be a wholesale problem. Think of all the Hilton customers who don't monitor their accounts as carefully as FTers.
Why hasn't Hilton contacted customers, as SPG did recently after a similar problem?
Nov 2, 2014, 12:55 pm
#90
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Hmm, I seem to be missing points now (albeit only maybe 200K). Anyway to check? In the old days when you redeem for a reservation you would see it show up in account activity. Now I feel like these days when you book a reservation the points are deducted, but then the activity never shows up until the stay occurs.
Am I right here?
Am I right here?