
Hilton Honors Website Security - Accounts hacked Oct 2014

Old Jan 20, 15, 11:44 am
  #151  
 
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Originally Posted by eknock007 View Post
UPDATE: I got an email today from HHonors Loss Prevention informing me that my points had been restored. They canceled my old account number and created a new one for me. Apparently they were able to cancel the GC order in time. Good to see that Hilton is on top of this when people end up becoming victims.
Can you list the timeline you endured? (I.e. how many days between you alerting Hilton and having a new HH Account with all points restored).

Was your HH account suspended for an interim period or did they give you a new one immediately? When they gave you a new HH account, how quickly did the then-remaining point balance in your old account get transferred and thus be usable?

Did they just transfer all of your personal data and preferences to the new account or did you have to go in and enter some of it (like CC info or preferences)?
JohnMacWW is offline  
Old Jan 20, 15, 2:33 pm
  #152  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 614
Originally Posted by JohnMacWW View Post
Can you list the timeline you endured? (I.e. how many days between you alerting Hilton and having a new HH Account with all points restored).

Was your HH account suspended for an interim period or did they give you a new one immediately? When they gave you a new HH account, how quickly did the then-remaining point balance in your old account get transferred and thus be usable?

Did they just transfer all of your personal data and preferences to the new account or did you have to go in and enter some of it (like CC info or preferences)?
Here is the timeline:

1/18 1:30pm: Email from Hilton indicating I had changed my address. Immediately called Hilton CS to report the incident.

1/18 4:36pm: Email from Hilton with the order confirmation. Called Hilton CS around 6pm to report that 225.0000 points had been stolen and I was given a case number.

1/18 6:17pm: I forwarded the order confirmation email to Hilton Loss Prevention. Got an email acknowledgement right away from Hilton.

1/19 10:50am: received two emails from Hilton Loss Prevention. One indicating I had a new PIN and the other indicating that the order had been canceled and that my points had been restored. Also that a new account number had been created and the old one closed.

The new account seems to have all of my info from my previous account with the exception of stored credit cards. Those I have to add. The whole transfer of info and points happened rather quickly. I had gone into my old account early on the 19th to see if there was any change and everything was still the same. As soon as I got the email from Loss Prevention that I had a new account, I logged into the new account and saw that the original points total had been restored along with most of my personal info. I have not checked everything but what mattered the most was the points. I tried to log in to my old account but the log-in was no longer valid.
eknock007 is offline  
Old Jan 20, 15, 2:57 pm
  #153  
IMH
 
Join Date: Jul 2007
Location: Berlin
Programs: BA Gold; Accor Plat; IHG Diamond; Meli & HH & Marriott & Radisson Gold
Posts: 5,209
Thanks for the comprehensive report. It seems that the Hilton people responsible for resolving these problems are pretty good. Shame the company still hasn't tightened things up to prevent the problems happening in the first place.

Originally Posted by eknock007 View Post
The new account seems to have all of my info from my previous account with the exception of stored credit cards. Those I have to add.
I'm probably not alone in thinking that it's better not to store credit card information in your HH profile right now.
IMH is offline  
Old Jan 20, 15, 4:53 pm
  #154  
 
Join Date: Jan 2011
Location: LAX
Programs: Delta Silver, Marriott Gold, HH Diamond, Ex-UA Gold, Ex-AA Gold , Ex-SPG Gold, Peon everywhere else
Posts: 614
Originally Posted by IMH View Post
It seems that the Hilton people responsible for resolving these problems are pretty good.
Yeah, I was kind of surprised that it took less than one day to recover the points. I was anticipating weeks of agonizing wait time for any action to occur as far as remedying the situation. The email from Loss Prevention mentioned that it would take 7-10 business days to review and respond to my issue.
eknock007 is offline  
Old Jan 20, 15, 7:39 pm
  #155  
 
Join Date: Feb 2013
Location: ANC
Programs: AS; Hyatt; Bonvoy
Posts: 1,718
Originally Posted by IMH View Post

I'm probably not alone in thinking that it's better not to store credit card information in your HH profile right now.
Keep checking back on your credit card information to make sure it stays gone.

I thought I deleted my card details after a lengthy process - the system would say my profile was updated and the card details vanished. But the next time I logged in the card information was back again.

So taking a tip from others on the forum, I used the app instead of the laptop to delete card information. It seemed to work.

But then after I had a stay at a property I found the card I'd used at that particular hotel was back in my profile. It just kept coming back ...

Now what I've done is added a card number for an account that was recently closed. After my hotel stay next week I'll check to see if that old card is still on file or whether my HHonors card number details have (again) replaced it.
AKCuisine is offline  
Old Jan 21, 15, 2:37 pm
  #156  
 
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 228
> I thought I deleted my card details after a lengthy process - the system
> would say my profile was updated and the card details vanished. But the
> next time I logged in the card information was back again.

Ditto. I'm having the same problem with phone numbers.
gqZJzU4vusf0Z2,$d7 is offline  
Old Jan 21, 15, 2:46 pm
  #157  
 
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 228
Protect Against Rogue HHONORS Access Points ...

This is a soln that will (only) mitigate the rogue HHONORS access point attack.

Upon check-in, I ask the Front Desk for the WiFi "coupon/code" for the day/week. I use it to login to the WiFi ... without ever entering my HHonors account nbr, PIN and room number.

If I have happened to connect to a rogue HHONORS access point, all they get is the coupon/code for the day/week.
gqZJzU4vusf0Z2,$d7 is offline  
Old Jan 25, 15, 8:17 am
  #158  
 
Join Date: Apr 2008
Location: Germany, Austria
Programs: IHG Spire Amb, LC Sterling, HH Gld, ALL Gld, WoH Disc, Bonvoy, LH M&M FT
Posts: 1,113
I haven't been following this thread but I'll tell you what gets on my nerves:

I can no longer automatically sign into my HHonors account, which I usually did on my Envy by HP Simple Pass and fingerprint sensor; I have to state "I am not a robot" each time I want to sign in, and be able to read and enter those hieroglyphs appearing to show the HHonors system I am not a robot.

My statement: That sux!
submonte is offline  
Old Jan 25, 15, 11:05 am
  #159  
FlyerTalk Evangelist
 
Join Date: Jan 2005
Location: home = LAX
Posts: 25,678
Originally Posted by submonte View Post
I haven't been following this thread but I'll tell you what gets on my nerves:

I can no longer automatically sign into my HHonors account, which I usually did on my Envy by HP Simple Pass and fingerprint sensor; I have to state "I am not a robot" each time I want to sign in, and be able to read and enter those hieroglyphs appearing to show the HHonors system I am not a robot.

My statement: That sux!
There's a separate thread all about that:

http://www.flyertalk.com/forum/hilto...a-logging.html
sdsearch is offline  
Old Jan 27, 15, 1:42 pm
  #160  
Original Member
 
Join Date: May 1998
Location: Miami, FL
Programs: AA EXP
Posts: 346
I think we as a community will have to make personal complaints to actually get the PINs removed.

Here are some names: (Note these profiles are publicly available)

Levena Bailey - Sr. Director Enterprise Security - https://www.linkedin.com/in/levenabailey

Michael Leidinger - Vice President, IT Infrastructure, Operations, and Security
https://www.linkedin.com/pub/michael-leidinger/0/ba/599

Josh Weiss - VP - Brand & Guest Technology at Hilton Worldwide
https://www.linkedin.com/in/joshweiss

I believe that having Forum Mods or individuals making personal contact with someone Sr. at Hilton will get due attention to this issue. Online reservations, e-commerce, and loyalty program management are an important part of Hilton's business, so if trust is eroded their business will suffer long term.

Last edited by redrock; Jan 27, 15 at 2:56 pm
redrock is offline  
Old Jan 27, 15, 2:48 pm
  #161  
 
Join Date: Dec 2010
Location: Sacramento, CA
Programs: UA 1K; Hilton: Diamond;Kimpton: ?? ; Omni: Black; Avis: First; Hertz: Five Star
Posts: 656
Thanks eknock007 for that great post on the timing and response. That seems pretty responsive on their part, way better than I would have expected.
JohnMacWW is offline  
Old Feb 24, 15, 8:54 pm
  #162  
 
Join Date: Jan 2011
Posts: 40
My account was hacked a few days ago. I hadn't logged into my account in a few months and I noticed an email saying that my account changes had been updated. Upon seeing that, I immediately tried logging into my account with no success and was unable to reset my password. I immediately called HHonors and spoke to a representative. Someone had removed a letter in my email address and decided to book a room at the Doubletree in Bangkok using points. They had to call the hotel directly to cancel because it was a close-in cancellation. This person, with a Russian name listed as the second guest, booked the room with a check-in time within a few hours. They were able to cancel the room and my PIN was changed. Right before going to bed, I got another email saying that my account change was updated. I was able to log directly into my account and noticed that this same person booked a room at the Hilton in Bangkok and changed my email address again!! I was on hold for 45 minutes to speak to a supervisor, at which point I just hung up. The following morning I called in and they cancelled the room for that night. It was 11pm local time in Bangkok and they said that person hadn't checked in yet. I asked how they booked the room and the agent said that it appears that they booked it directly with the hotel. I suppose it might be possible since they were able to get my billing address, telephone number, etc. from my profile the first time. Switching HHonors accounts is the easiest solution to hopefully prevent this from happening again. I even had my account "flagged" after the first incident and only 1 in 5 agents over the phone even asked me the additional security question.
pilotjustin is offline  
Old Feb 26, 15, 1:43 pm
  #163  
 
Join Date: Jun 2008
Location: PBI / JFK, ISP, LGA
Programs: AA, AS, AV, B6, DL, F9, WN
Posts: 861
Hilton HHonors has been a disaster for me. I've had many stays with them the past few months after a long drought. I just tried to remove my credit card info and was unable to do so. They say my info has been removed but my login page still shows my CC info.

Someone really needs to get this BS cleared up. I am starting to rethink my loyalty to Hilton.
Open Jaw is offline  
Old Feb 26, 15, 1:58 pm
  #164  
FlyerTalk Evangelist
 
Join Date: Jan 2005
Location: home = LAX
Posts: 25,678
Originally Posted by Open Jaw View Post
Hilton HHonors has been a disaster for me. I've had many stays with them the past few months after a long drought. I just tried to remove my credit card info and was unable to do so. They say my info has been removed but my login page still shows my CC info.

Someone really needs to get this BS cleared up. I am starting to rethink my loyalty to Hilton.
That's nothing new. As I recall, the solution is to change to a credit card that isn't valid (expired/cancelled/etc), rather than trying (unsuccessfully) to remove it.
sdsearch is offline  
Old Feb 26, 15, 3:01 pm
  #165  
 
Join Date: Sep 2011
Location: SFO/SMF
Programs: Holder of six "persona non-grata" awards
Posts: 1,911
See post #101 in this thread, this is how I do it.

Originally Posted by Open Jaw View Post
Hilton HHonors has been a disaster for me. I've had many stays with them the past few months after a long drought. I just tried to remove my credit card info and was unable to do so. They say my info has been removed but my login page still shows my CC info.

Someone really needs to get this BS cleared up. I am starting to rethink my loyalty to Hilton.
fozziedoggie is offline  
