FlyerTalk Forums > Hilton | Hilton Honors

Consolidated "Hilton Honors Account Hacked" thread (https://www.flyertalk.com/forum/hilton-hilton-honors/1570071-consolidated-hilton-honors-account-hacked-thread.html)

missamo80 Dec 28, 2014 9:46 am

Yes, call hhonors and explain it to them. Don't email. Call.

Neil

lingua101 Dec 28, 2014 3:41 pm

This is the reply from them:

I apologize that the redemption is not listed on our website and we do not have information on what you ordered from our Shopping Mall.

The reward was from Maritz. You can contact them at: www.hiltonhonorsshopping.com or you can call them at: 1-866-540-9745 from Monday through Friday 8:00 AM to 4:30 PM Central Standard Time.

I am very sure that my account has been hacked as I do not know what Maritz is.

card1953 Dec 28, 2014 5:42 pm

Your account was hacked. So was mine and many others. There is a thread about this started I believe in September 2014. You will need to call Maritz and tell them you did not order anything. Then you will need to call HHonors and ask for your points to be reinstated, and ask for a new account number.

KENNECTED Dec 28, 2014 5:56 pm


Originally Posted by lingua101 (Post 24062848)
I have not logged into my account for some time. Today I tried to log in and it failed. I tried to reset my password and that also failed.

I emailed the CS and they asked me to confirm my mailing address and phone number before they could reset my password.

I did not think much.

Once I managed to log in, I noticed I only have 134 points. I should have 50,134. Also, the second email is a strange gmail account, which I overrode with my gmail account.

I was told that there was shopping in September 2014 for 50,000 points. I do not remember making any redemption and this is not listed under ALL Activities.

I also noticed that I have not received any email from HHonors for some time, and my milesBuster complains about a problem logging into my HHonors.

The CS also said "You will begin to receive all future mailings at your new email address within 3 weeks." Seems to me the reason I did not receive any email from HHonors is because the email has been changed.

Seems like my account has been hacked and I am missing 50,000 points. Can anything be done to recover these 50,000 points?

Please review the sticky thread [above] and call Hilton.

missamo80 Dec 28, 2014 6:02 pm

Here is the sticky thread: http://www.flyertalk.com/forum/hilto...ct-2014-a.html.

Neil

lingua101 Dec 28, 2014 7:59 pm


Originally Posted by GoingGal (Post 22722824)
Hilton should be shamed into changing their approach to account security!! I will certainly send an email to their privacy department - in fact, every person with a HHonors account might want to do the same.

Note of warning - if you have a credit card number included in your HHonors account I strongly encourage you to remove it immediately. A web site that is this insecure isn't the best place to store credit card information.

Thank you anative for starting this thread.

Unfortunately I just realized that my account has been hacked also. Lost 50,000 points.

If I had not tried to log into my account yesterday and failed, I would probably still be in the dark about this.

I never believed in storing my credit card details on a hotel website. I only left them with PayPal, in fact.

I called the number in China, which helped me to log the case and follow up with an email to the US. Any idea how long it will take? It is clearly a hacking issue as the 50,000 points were used at www.hiltonhonorshoping. Is this a legit Hilton website?

What amazed me, when I asked about this, is why it does not automatically trigger an investigation, as it sounds to me like quite a "common" occurrence which Hilton should know about.

Any idea also why this "redemption" is not listed under my transaction history?

lingua101 Dec 28, 2014 8:51 pm


Originally Posted by pmarrsouth (Post 23694315)
Do they email the old address, once it is changed to new email address, stating that the account's email address has been updated and to please contact them asap if it was not done by the account holder?

This is the case with my account also. Last night, after I managed to log into my account, I realized the second email is [email protected]... then I overrode it with my gmail again. I thought it was a system error, not thinking much of it.

Now I think I should not "remove" the evidence.

No wonder I could not reset my password, as the system complained that the information did not match. Also, when I emailed the CS, they asked me for more information and then said "your email has been changed", which I did not think much about until I found out something was wrong with my account.

The good practice when an email is changed is that 2 emails are sent out, to both the old and the new email. Hilton has failed on this.
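
The practice named in the post above (notify both the old and the new address when an account email changes), as an added example that is not part of the original thread and not Hilton's code. The function names, the in-memory `outbox` standing in for a mailer, the 14-day revert window and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

REVERT_WINDOW = 14 * 24 * 3600    # assumed policy: old address may undo for 14 days
SECRET = secrets.token_bytes(32)  # signing key, generated here for the example


def _sign(account_id, old_email, expires):
    msg = f"{account_id}|{old_email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def change_email(account, new_email, outbox, now=None):
    """Apply an email change and queue a notice to BOTH addresses."""
    now = int(time.time() if now is None else now)
    old_email, expires = account["email"], now + REVERT_WINDOW
    token = f"{expires}.{_sign(account['id'], old_email, expires)}"
    account["email"], account["previous_email"] = new_email, old_email
    # Old address: the real owner still hears about the change after a takeover.
    outbox.append((old_email, f"Account email changed to {new_email}. "
                              f"Not you? Revert with token {token}"))
    # New address: confirms the change to whoever requested it.
    outbox.append((new_email, "This address is now the contact for your account."))
    return token


def revert_email(account, token, now=None):
    """Restore the previous address if the token is genuine and unexpired."""
    now = int(time.time() if now is None else now)
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    old_email = account.get("previous_email")
    if old_email is None or now > expires:
        return False
    expected = _sign(account["id"], old_email, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    account["email"], account["previous_email"] = old_email, None
    return True


if __name__ == "__main__":
    acct, sent = {"id": 1001, "email": "owner@example.com"}, []  # constructed data
    tok = change_email(acct, "intruder@example.net", sent)
    print([to for to, _ in sent], revert_email(acct, tok), acct["email"])
```
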

lingua101 Dec 28, 2014 10:37 pm


Originally Posted by missamo80 (Post 24064694)

Yeah, saw the sticky. Sorry for opening up a new thread.

Scott H Dec 29, 2014 4:37 am

I guess I'm one of the lucky ones that hasn't been hacked. Thanks to all for the information in this thread. I've looked but don't seem to find info related to my question, but how do you change from HH#/PIN to username/PW for login? I'm still on the former.

sdsearch Dec 29, 2014 8:15 pm


Originally Posted by Scott H (Post 24066285)
I guess I'm one of the lucky ones that hasn't been hacked. Thanks to all for the information in this thread. I've looked but don't seem to find info related to my question, but how do you change from HH#/PIN to username/PW for login? I'm still on the former.

It doesn't matter. All you can do is add a password, but the PIN login stays functional. So even if you start using the password yourself, the still-active PIN remains the weak link.

Hilton would have to change it at their end (like Delta just did in recent months) to totally replace the PIN with only a password.

(And while Delta has gotten rid of PINs for online login, UA and BA still have them, and they're undoubtedly not the only ones besides Hilton.)

Scott H Dec 30, 2014 5:03 am


Originally Posted by sdsearch (Post 24070328)
It doesn't matter. All you can do is add a password, but the PIN login stays functional. So even if you start using the password yourself, the still-active PIN remains the weak link.

Hilton would have to change it at their end (like Delta just did in recent months) to totally replace the PIN with only a password.

(And while Delta has gotten rid of PINs for online login, UA and BA still have them, and they're undoubtedly not the only ones besides Hilton.)

Thanks for the info. Not what I wanted to hear but glad I learned about this so I can monitor my account closely.

JohnMacWW Jan 2, 2015 6:39 pm


Originally Posted by sdsearch (Post 24070328)
It doesn't matter. All you can do is add a password, but the PIN login stays functional. So even if you start using the password yourself, the still-active PIN remains the weak link.

Hilton would have to change it at their end (like Delta just did in recent months) to totally replace the PIN with only a password.

(And while Delta has gotten rid of PINs for online login, UA and BA still have them, and they're undoubtedly not the only ones besides Hilton.)

Hilton is safer now with the (annoying) Captcha code you have to match to verify you are not a robot. What scares me more is that UA is still pure PIN. Just four digits....

UVU Wolverine Jan 4, 2015 3:00 pm

Just a heads up to everyone, my account was hacked.

I received an award reservation confirmation email for the Hilton in Rotterdam costing 80,000 points, which I of course did not make a reservation for. The funnier part was the confirmation was not in my name.

When I called Hilton, they seemed to straighten everything out over the phone. I received another e-mail from guest assistance asking if there was anything else they can help with, but the e-mail was addressed to whoever made the false reservation. Hilton even confirmed that I had called in to make the reservation, but for someone else. The credit card to be held for incidentals was also not one of my own. I just found it interesting that they addressed the e-mail to the fictitious person rather than me even though it was my account number.

Luckily, the confirmation e-mail was sent to me, and I read it within minutes because the reservation was for the same night I received the e-mail.

Just a word of warning for everyone to keep an eye out on your accounts. I have to have a new HHonors account created with everything (points, gold status, etc) rolled over to the new account so hopefully it won't be a huge headache. So far though, Hilton has been pretty easy to work with in the matter.

gqZJzU4vusf0Z2,$d7 Jan 5, 2015 1:37 pm

Are there any other (authentication:login) security professionals here?

Hilton's latest robot:captcha approach to their hacking vulnerability strikes me as amateur hour. I'm looking for 1:2 others willing to collaborate on a recommendation for Hilton.

Bonehead Jan 7, 2015 11:15 am


Originally Posted by gqZJzU4vusf0Z2,$d7 (Post 24106515)
Are there any other (authentication:login) security professionals here?

Hilton's latest robot:captcha approach to their hacking vulnerability strikes me as amateur hour. I'm looking for 1:2 others willing to collaborate on a recommendation for Hilton.

I would wait on the "amateur hour" accusation. I suspect that clicking in a particular place on a web page isn't that easy for a robot; otherwise the Captcha folks wouldn't have instituted that methodology.


All times are GMT -6.