FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Hilton | Hilton Honors (https://www.flyertalk.com/forum/hilton-hilton-honors-417/)
-   -   Consolidated "Hilton Honors Account Hacked" thread (https://www.flyertalk.com/forum/hilton-hilton-honors/1570071-consolidated-hilton-honors-account-hacked-thread.html)

rhoman Jul 25, 2017 7:57 am

Not sure if this is still happening to ppl. But looks like my account got hacekd last night and they transferred 51K to points.com. Have with their fraud dept.

gauntlet3h Jul 25, 2017 9:44 pm

960K Hilton honors points hacked
 
Today while at work I got spammed with emails from Hilton all in a matter of minutes.

"Your Hilton Honors Points Redemption has been confirmed"

There were 10 emails in total. 9 of them my total points balance went down by 100K and the last one 60K leaving me with a little over 1K points left.

I immediately called the number in the email. "Your privacy is important to us, if you did not authorize the point redemption on your account or any changes during the transaction, please contact Hilton Honors at 1-800-446-6677 to speak with a customer service representative."

After about 40 minutes of being juggled between reps explaining my situation, being put on hold, explaining it again. They tell me they created a case with the fraud department and have it as high priority and that the fraud department would contact me shortly.

I looked everywhere on my Hilton account to see where they spent the points. I checked the shopping affiliation to see if they redeemed it for merchandise or gift cards and nothing. I changed most of my profile credentials when I stumbled upon a change to my account that I didn't make. I noticed that there was a foreign airline partner added to the preferences section with a member number that I did not recognize. That's when I realize that they transferred the points to their airline flyer program in increments of 100K since that is the max Hilton lets you transfer per transaction.

I immediately call Hilton back to share with them my discovery in hopes that they can easily reverse or cancel the points transfer. There also is a disclaimer when transferring points to a partner that it can take up to 30 days. The Hilton agent looked into my account and let me know that there is a fraud case open and that it could take 5-7 business days!

I also called the partner airline and let them know that someone accessed my Hilton account unauthorized and transferred my points to their airline program. Wow were they helpful and did they show EMPATHY! I was sad to see how little empathy Hilton customer reps showed a loyal Diamond member of 5 years and were just waiting for their shift to get over. The partner airline told me that the account I gave them is currently locked. She could not see what time or when it got locked but it made me a little bit more at ease knowing that whoever stole my points wasn't going to gain from them.

The purpose of my post is to see if any other Hilton members have had their accounts breached and if they got their points back from Hilton. I am still in disbelief that I could lose 960K points that I accumulated for the past 5 years saving it up for my honeymoon early next year!

Canarsie Jul 25, 2017 10:10 pm

I would not worry about it.

I have been the target of fraud in other frequent guest loyalty programs and have never had an issue with having all of my points recovered.

You have already reported it; and Hilton Honors is on the case.

eponymous_coward Jul 25, 2017 10:33 pm


Originally Posted by gauntlet3h (Post 28608093)
The purpose of my post is to see if any other Hilton members have had their accounts breached and if they got their points back from Hilton. I am still in disbelief that I could lose 960K points that I accumulated for the past 5 years saving it up for my honeymoon early next year!

http://www.flyertalk.com/forum/hilto...ct-2014-a.html

chistery Jul 26, 2017 7:01 am


Originally Posted by gauntlet3h (Post 28608093)
I immediately called the number in the email. "Your privacy is important to us, if you did not authorize the point redemption on your account or any changes during the transaction, please contact Hilton Honors at 1-800-446-6677 to speak with a customer service representative."

Never call numbers given to you in emails, always get it from another source.

Need Jul 26, 2017 8:13 am


Originally Posted by chistery (Post 28609519)
Never call numbers given to you in emails, always get it from another source.

Yes that. But in this case, the number was 1-800-HHONORS so I think it is okay. :)

BTW, I didn't know you could transfer HH points to airlines. :p Must be horrible ratio since I have never read about anyone doing it...

rhoman Jul 26, 2017 12:44 pm

Yeah I got hacked on Monday. I only lost 51K points. I changed my password and have a case open with the fraud dept too. Based on reading through the trhead of other cases, I assume we will get issued new membership # and get our points back... hopefully.

Canarsie Jul 26, 2017 12:48 pm


Originally Posted by rhoman (Post 28611052)
Yeah I got hacked on Monday. I only lost 51K points. I changed my password and have a case open with the fraud dept too. Based on reading through the trhead of other cases, I assume we will get issued new membership # and get our points back... hopefully.

What will more likely happen is that you will keep your membership number; and you will be required to change your password to better protect the Hilton Honors points which will have been redeposited into your account.

Originally Posted by eponymous_coward (Post 28608259)

This discussion will be given a little more time on its own before being merged with the other discussion.

serpens Jul 26, 2017 1:03 pm


Originally Posted by chistery (Post 28609519)
Never call numbers given to you in emails, always get it from another source.

Generally, this is good advice, but what do you do if the number is not available from another source? For example, if the OP had been instructed to call a Fraud Line at an unpublished number at Hilton, what should he or she have done?

Canarsie Jul 26, 2017 1:34 pm


Originally Posted by serpens (Post 28611167)
Generally, this is good advice, but what do you do if the number is not available from another source? For example, if the OP had been instructed to call a Fraud Line at an unpublished number at Hilton, what should he or she have done?

Call any published telephone number for Hilton and have the representative on the other end transfer you to the appropriate department...

...or contact HonorsRepresentative via private message here at FlyerTalk.

gauntlet3h Jul 26, 2017 1:37 pm

Thanks for all the feedback and great responses. I really appreciate it.

The password that I had was not an easy one and was 10+ characters long. My new one is a lot longer now.

Still waiting for the fraud department to contact me. I'm guessing I would hear from them near the end of the week/early next week.

serpens Jul 26, 2017 6:55 pm


Originally Posted by Canarsie (Post 28611369)
Call any published telephone number for Hilton and have the representative on the other end transfer you to the appropriate department...

My experience does not include Hilton, but in my experience, one part of a large organization might have no idea what the number is for another part of the large organization. Also in my experience, one part of the large organization might be unwilling to connect a caller to another part of the large organization.


...or contact HonorsRepresentative via private message here at FlyerTalk.
If I had learned that almost a million points had disappeared from my account, I would not want to wait for someone to respond to a private message. I'm not saying that waiting isn't the smarter course of action, but I would want to be doing something immediately.

Canarsie Jul 26, 2017 9:23 pm


Originally Posted by serpens (Post 28612663)
My experience does not include Hilton, but in my experience, one part of a large organization might have no idea what the number is for another part of the large organization. Also in my experience, one part of the large organization might be unwilling to connect a caller to another part of the large organization.

If I had learned that almost a million points had disappeared from my account, I would not want to wait for someone to respond to a private message. I'm not saying that waiting isn't the smarter course of action, but I would want to be doing something immediately.

I am more than happy for myself and other FlyerTalk members to learn of the alternative methods which you would advise instead of — or in addition to — the ones I suggested...

...but what I can tell you is that what I suggested is based on my own personal experience and has worked for me.

RogerD408 Jul 27, 2017 7:00 am


Originally Posted by serpens (Post 28612663)
My experience does not include Hilton, but in my experience, one part of a large organization might have no idea what the number is for another part of the large organization. Also in my experience, one part of the large organization might be unwilling to connect a caller to another part of the large organization.



If I had learned that almost a million points had disappeared from my account, I would not want to wait for someone to respond to a private message. I'm not saying that waiting isn't the smarter course of action, but I would want to be doing something immediately.

With all the outsourcing and offshoring of support lines, this is a bigger problem than it should be. But blindly calling a number provided in an email is fraught with hazards. Just like clicking a link in the email, you have to look closely to see if it takes you to the site it says it is. And you have to watch for phony sites like www.hilton.tv instead of www.hilton.com.

Granted in this case the vanity number is pretty safe. But if you can't find the number on their public website or calling the main number doesn't work, then Google the number given to see if it's been reported online.

serpens Jul 27, 2017 7:00 am

Canarsie, I believe your advice is spot-on, and I have no better alternatives to offer. On the other hand, I believe your advice would not work in all situations, due to disinterested or dysfunctional organizations. I also noted that I might, in a situation where a large number of points disappeared, panic and take some action, even if that action might turn out to be against my interest, and I would not be surprised if others might act similarly.


All times are GMT -6. The time now is 8:14 pm.


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.