
New Hilton website

Old Apr 12, 2019, 2:02 pm
  #31  
JBD
 
Join Date: Apr 2005
Posts: 522
Security Issues with New Site

On a regular basis I monitor my miles and points accounts to confirm accurate activity being recorded, and most importantly, to confirm that it is still my email address/phone/physical address listed in my profile page.

[To those unaware of why this is important, hackers who get into your account will change your contact info prior to setting up points transfers or booking awards for themselves - most commonly they'll change your email address. See the current threads about HH points stolen for Amazon purchases for recent experiences with this.]

But on the new site it's impossible to check your personal data. You're first given a page that shows your email address with only its last letter and the email domain, and there's an "Edit" button. But when you select "Edit" you're shown another page which also does not display your full contact info, but rather it's as I described above. So there seems to be no way to confirm that the email address that HH has associated with your account is actually yours. The only option I see is to re-enter your email as if it's a true update to your account.

Am I missing something? Is there a way to confirm that HH has your accurate email address on their new website?

Last edited by JBD; Apr 12, 2019 at 2:11 pm Reason: typos
JBD is offline  
Old Apr 12, 2019, 2:51 pm
  #32  
 
Join Date: Feb 2014
Programs: Amex Plat, Hilton Diamond, SPG Gold, Carlson Gold, CM Presidential / *A Gold, Hertz 5*
Posts: 1,648
Hopefully you see that it is in fact more secure than them displaying all your info

If you are very concerned about security, then buy your own domain and use a different email address for everything
pmarrsouth is offline  
Old Apr 12, 2019, 3:20 pm
  #33  
JBD
 
Join Date: Apr 2005
Posts: 522
Originally Posted by pmarrsouth
Hopefully you see that it is in fact more secure than them displaying all your info

If you are very concerned about security, then buy your own domain and use a different email address for everything
I've learned to follow the great suggestions from my fellow FTers. That's how I know to check my accounts the way I do. Your suggestion that I should pay for my own domain to circumnavigate HH's flawed new website, though, seems questionable.

Marriott's site similarly doesn't show the personal data unless you click on Edit, but when you do, you then see what's stored in there. I'd bet that's what the HH programmers were going for.

But perhaps the programmers thought as you seem to, that prohibiting the customer from verifying their data is an enhancement. If so, I stand by my opinion that this is unwise as it gives hackers even more cover.

I've pm'd Lauren about this, asking her to please pass my concern along to the appropriate department. The new site is so buggy, I'm hoping that this does get ironed out.
JBD is offline  
Old Apr 12, 2019, 4:10 pm
  #34  
 
Join Date: Apr 2018
Posts: 18
Originally Posted by corporate-wage-slave
Just bookmark this link to the old world, it seems to work for me:

https://secure3.hilton.com/en/hh/cus...ogin/index.htm

and thereafter as a hotlink to your list of bookings:

https://secure3.hilton.com/en/hh/cus...servations.htm

They'll sort themselves out eventually.......
Thank you, corporate-wage-slave, for coming to the rescue yet again. Using your link I was able to view rates applicable to my company rate code, but when I tried to book a room I was taken back to the 'new, enhanced' site which does not allow me to plug in my rate code. It is late on Friday and high time to book another hotel chain instead of wasting my time with this.
JasWon is offline  
Old Apr 12, 2019, 4:25 pm
  #35  
 
Join Date: Feb 2014
Programs: Amex Plat, Hilton Diamond, SPG Gold, Carlson Gold, CM Presidential / *A Gold, Hertz 5*
Posts: 1,648
Originally Posted by JBD
Your suggestion that I should pay for my own domain to circumnavigate HH's flawed new website, though, seems questionable.
It will generally help with your overall security. Apologies for sounding questionable while trying to assist you with such an issue. It's also a great and easy way to track & block SPAM, plus see what companies are selling your info, etc

Originally Posted by JBD
But perhaps the programmers thought as you seem to, that prohibiting the customer from verifying their data is an enhancement. If so, I stand by my opinion that this is unwise as it gives hackers even more cover.
Hacker gains access to a HH account, due to a data breach, using a HH number and password. Hacker does not have the email address associated to that account. Hacker goes to the preferences/profile page and finds the email address attached to that account. Hacker then goes and tries to log into said email account using the same password, and it works due to [insert large percentage here] of people use the same password for everything. Once they log in, they can see all the emails that the person gets and can see which programs that person is part of. Hacker now has access to pretty much every one of them

So yea, them hiding some/most of an email address can enhance security, much like HH (and most other sites) hide some/most of your CC details on file too


Originally Posted by JBD
The new site is so buggy...
True
pmarrsouth is offline  
Old Apr 12, 2019, 4:47 pm
  #36  
JBD
 
Join Date: Apr 2005
Posts: 522
Originally Posted by pmarrsouth
...Hacker gains access to a HH account, due to a data breach, using a HH number and password. Hacker does not have the email address associated to that account. Hacker goes to the preferences/profile page and finds the email address attached to that account. Hacker then goes and tries to log into said email account using the same password, and it works due to [insert large percentage here] of people use the same password for everything. Once they log in, they can see all the emails that the person gets and can see which programs that person is part of. Hacker now has access to pretty much every one of them...
What I've read here and on other FT forums over the years, is not what you described above, but rather reports that a hacker got into someone's account, changed their email address on file, then booked a room or transferred to Amazon, or what have you, and the confirmation email didn't come to them, it went instead to the new email address.

It is this fraudulent activity that can be harnessed when you check your account data on a regular basis. And the HH's new website makes this self-verification impossible.

What you describe is not a concern of mine since I have different, and complex passwords for every account I access online. Because I learned to do that on FT
JBD is offline  
Old Apr 12, 2019, 5:03 pm
  #37  
 
Join Date: Feb 2014
Programs: Amex Plat, Hilton Diamond, SPG Gold, Carlson Gold, CM Presidential / *A Gold, Hertz 5*
Posts: 1,648
Originally Posted by JBD
What I've read here and on other FT forums over the years, is not what you described above, but rather reports that a hacker got into someone's account, changed their email address on file, then booked a room or transferred to Amazon, or what have you, and the confirmation email didn't come to them, it went instead to the new email address.

It is this fraudulent activity that can be harnessed when you check your account data on a regular basis. And the HH's new website makes this self-verification impossible.
Sites who take security somewhat seriously should be at minimum sending an email to users if the email address on file is changed (saves you logging in every few minutes to make sure that your account is secure). Hilton does this:



You will rightly have issue with the second sentence

Originally Posted by JBD
I have different, and complex passwords for every account I access online
Good work, you are halfway there
pmarrsouth is offline  
Old Apr 13, 2019, 8:35 am
  #38  
stc
 
Join Date: Aug 2000
Location: Newton Centre, MA, USA
Programs: DL 2MM Gold, AA Plat Pro; Hilton Lifetime Diamond, Bonvoy Lifetime Titanium (via SPG), IHG Plat
Posts: 2,192
For the record, I was able to get the old webpage back by clearing all my cookies that had "hilton" in them.

Last edited by stc; Apr 13, 2019 at 8:26 pm Reason: spelling
stc is offline  
Old Apr 13, 2019, 8:55 am
  #39  
 
Join Date: Dec 2014
Location: Haze gray and underway
Programs: UA 1K 2MM, HH Diamond, Marriott 'clink clink' Titanium
Posts: 1,784
Originally Posted by sbiddle
Is anybody else totally confused by the new Hilton website?

It doesn't even have an option anywhere (that I can see) to login to your account to view bookings! Clicking on the Hilton logo at the top even redirects to a webpage giving an error!


I have the same today (4/13). I need to select "find a hotel" to have access to a login box.
reCAPTCHA is also screwy; some images are so blurred as to be useless.
Dublin_rfk is offline  
Old Apr 13, 2019, 9:22 am
  #40  
 
Join Date: Oct 2016
Programs: DL Gold, AA Plat, Hilton Diamond
Posts: 253
I still can't get over how stretched the image is. Some junior programmer just found an image and dragged it to make it fit the screen. That poor woman looks like her face is being reflected in a fun house mirror.
Sisosig and pmarrsouth like this.
DCAFly is offline  
Old Apr 15, 2019, 10:03 am
  #41  
 
Join Date: Mar 2003
Location: Los Angeles, CA
Programs: UA 1K 1MMer & LT UC (when flying UA); Hyatt Credit Cardist; HHonors Diamond; Marriott Gold via UA 1K
Posts: 6,956
Originally Posted by Carl Christensen
Thank you for this. I had to go into my profile to change something, and there is no way to do that on the new website that I could find -- even after logging into my account. MASSIVE FAIL!
SS255 is online now  
Old Apr 15, 2019, 11:11 pm
  #42  
 
Join Date: May 2016
Posts: 40
Just use the HHonors page instead:
https://hiltonhonors3.hilton.com/en/index.html
wontfix is offline  
Old May 22, 2019, 1:46 pm
  #43  
FlyerTalk Evangelist
 
Join Date: Aug 2001
Location: SF CA USA. I love large faceless corporations. And they cherish me in return (sometimes). ;)
Programs: UA Premier Gold/disappointed 1MM, HH Gold, IHG Plat, MB Gold, BW Diam Sel
Posts: 17,575
Still insanely buggy

Originally Posted by wontfix
Just use the HHonors page instead:
https://hiltonhonors3.hilton.com/en/index.html
Even if I start on this page, I still get the same garbage. For example, it is not possible to edit certain preferences (such as Travel Partners) -- you just get a message "There was an error saving your changes."
KathyWdrf is online now  
Old May 23, 2019, 8:25 pm
  #44  
stc
 
Join Date: Aug 2000
Location: Newton Centre, MA, USA
Programs: DL 2MM Gold, AA Plat Pro; Hilton Lifetime Diamond, Bonvoy Lifetime Titanium (via SPG), IHG Plat
Posts: 2,192
Originally Posted by KathyWdrf
Even if I start on this page, I still get the same garbage. For example, it is not possible to edit certain preferences (such as Travel Partners) -- you just get a message "There was an error saving your changes."
I had the same problem trying to change my primary credit card to the Aspire card. I kept trying over a few days and eventually it worked.

Hilton IT seems to be taking lessons from Marriott.
stc is offline  
Old Jun 13, 2019, 7:39 am
  #45  
FlyerTalk Evangelist
 
Join Date: Oct 2011
Location: ATL
Programs: DL Scattered Smothered Covered Medallion, Some hotel & car stuff, Kroger Plus Card
Posts: 10,745
I'm just now noticing the new page. Went in to check points on a stay, and nothing shows up for any of my past stays (and certainly no way to expand to see the usual details of base+bonus+promo points). Is this happening to anyone else?

I can still see everything in the Android app; just not sure if there's a new place to find this info on the actual website.

gooselee is offline  

