HHonors Points Stolen Through Amazon.com
Apr 25, 2019, 12:51 pm
#16
Join Date: Feb 2000
Location: Columbia, SC
Programs: a little here, a little there
Posts: 1,443
You know it's also interesting that a few posts away from this one is a thread that asks people how many Hhonors points you have... that's one bit of data that could help hackers target people with large balances.
At any rate, y'all just motivated me to go change my Hilton password to something that I haven't used anywhere else.
At any rate, y'all just motivated me to go change my Hilton password to something that I haven't used anywhere else.
Apr 28, 2019, 8:55 am
#18
Join Date: Dec 2016
Posts: 4
I received an email Saturday to say my points have been used to make an Amazon purchase - signed into HH - all gone !! The FOLLOWING day I received another saying I had linked my account followed a couple of hours later by another email saying I have unlinked it !! None of which I have done.
Have emailed HH but nothing back yet - interestingly they appear to have updated the email to say if this wasn't you contact Amazon !!
If I don't get the points restored then the HH accounts gets closed and so does my business with the Hilton Brand
(Can't even change my password as its saying its invalid yet seconds earlier clearly it was ok as I signed onto it - the feedback tab doesn't work and all the links in 'preferences' return 'Not Found' - looks like the website is a work in progress by a 12 year old !
Have emailed HH but nothing back yet - interestingly they appear to have updated the email to say if this wasn't you contact Amazon !!
If I don't get the points restored then the HH accounts gets closed and so does my business with the Hilton Brand
(Can't even change my password as its saying its invalid yet seconds earlier clearly it was ok as I signed onto it - the feedback tab doesn't work and all the links in 'preferences' return 'Not Found' - looks like the website is a work in progress by a 12 year old !
Apr 28, 2019, 9:46 am
#19
FlyerTalk Evangelist
Join Date: Jul 1999
Location: ORD/MDW
Programs: BA/AA/AS/B6/WN/ UA/HH/MR and more like 'em but most felicitously & importantly MUCCI
Posts: 19,719
EDIT / 29 April: Hilton reached out to me 15 days after the breach came to my attention and resolved the question to my satisfaction. I have to say that once service recovery kicked in, it was personal, clear, and effective. The only downside is, I have to commit a new Honors account number to memory.
Original post (partial):
Update to say it's now been two weeks since hackers emptied my account, the Honors rep promised resolution within five business days, but nothing has happened. A second call to Honors yielded nothing (rep conceded she has taken multi calls from Amazon fraud victims). Polite email at midweek to the Hilton fraud desk has gone unanswered.
Original post (partial):
Update to say it's now been two weeks since hackers emptied my account, the Honors rep promised resolution within five business days, but nothing has happened. A second call to Honors yielded nothing (rep conceded she has taken multi calls from Amazon fraud victims). Polite email at midweek to the Hilton fraud desk has gone unanswered.
Last edited by BearX220; Apr 29, 2019 at 11:52 am
Apr 28, 2019, 12:43 pm
#20
Join Date: Nov 2011
Location: NYC
Programs: HH Diamond, Hyatt Globalist, Marriott Bonvoy Gold
Posts: 694
https://thepointsguy.com/news/hilton...ned-of-points/
https://loyaltylobby.com/2019/04/19/...ts-via-amazon/
I'm still baffled as to how the point drainage happens to HH accounts that are not linked to Amazon.
https://loyaltylobby.com/2019/04/19/...ts-via-amazon/
I'm still baffled as to how the point drainage happens to HH accounts that are not linked to Amazon.
Apr 28, 2019, 1:16 pm
#21
FlyerTalk Evangelist
Join Date: Jul 1999
Location: ORD/MDW
Programs: BA/AA/AS/B6/WN/ UA/HH/MR and more like 'em but most felicitously & importantly MUCCI
Posts: 19,719
Deleted as my issue has now been very effectively addressed by Hilton.
Last edited by BearX220; Apr 29, 2019 at 11:53 am
Apr 29, 2019, 11:38 am
#23
Join Date: Dec 2016
Posts: 4
Just an update I just contacted Amazon and they are very adamant the problem is Hiltons and there's nothing for them to do. (I guess logical given its the Hilton accounts that have been hacked). They also confirmed they are aware of the scam.
Apr 29, 2019, 12:02 pm
#24
FlyerTalk Evangelist
Join Date: Jul 2001
Location: Phoenix, AZ
Programs: HH Gold, AA Gold
Posts: 10,458
It seems like either Hilton and/or Amazon should temporarily shut down the ability to redeem Hilton points on Amazon until such breach is fixed. I understand Amazon's position since Hilton has all the account information and can verify that they are talking to the correct person. Hilton certainly has to start the investigation from their end, but you would think Amazon would want to try to stop the shipments as quickly as possible.
Apr 29, 2019, 1:04 pm
#25
FlyerTalk Evangelist
Join Date: Sep 2002
Location: IND
Programs: DL PM & 2MM™, Lifetime HHonors Diamond
Posts: 20,889
Apr 30, 2019, 5:46 am
#26
Join Date: Feb 2009
Location: UK
Posts: 774
You know it's also interesting that a few posts away from this one is a thread that asks people how many Hhonors points you have... that's one bit of data that could help hackers target people with large balances.
At any rate, y'all just motivated me to go change my Hilton password to something that I haven't used anywhere else.
At any rate, y'all just motivated me to go change my Hilton password to something that I haven't used anywhere else.
2/3mil HH points isn't unusual here, but it's unusual across the entire population.
So what could be easier than having people do the work for you in idenfiying themselves as high risk targets.
For bonus points, those insane enough to use the same username here as with HH are disproportinately more likely to be daft enough to use the same password either betwee FT/HH or anywhere else on the internet and HH.
Come on people, this is like vaccinations, if we want this sort of thing to stop it has to stop being profitable. If we each improve our security we *all* improvie our security. Get onto haveibeenpwned.com and if you see yourself on there, then understand: You are in the queue to be compromised. When, not if. The only reason it hasn't happened already is that it's a big queue.
/rant
Apr 30, 2019, 6:55 am
#27
Join Date: Sep 2015
Location: flyover country
Posts: 2,435
Well, yes. But another point of view is that there will always be bad actors looking for low hanging fruit.
Apr 30, 2019, 7:18 am
#28
Join Date: Sep 2012
Posts: 23
Apparently the points stealing schemes are still going on. I received 2 emails yesterday from Hilton saying that my HHonors points had been redeemed through Amazon.com. I immediately logged into my Hilton account and I've gone from approx 268,000 down to 1000, so around 267,000 were stolen. No idea how this could have happened. Email stated to call Amazon if there is a problem with the transaction or if I was not the one who placed an order. It doesn't make sense that they say they cannot track down a transaction using my Hilton number as there has to be some kind of record of the points transfer from Hilton. I don't know if there are other sources I can contact to get this situation taken care of.
Called Amazon and was told that they have no record of the transaction taking place and there is no purchase using points in my history. They basically said there is nothing they can do except talk with Hilton to see if "this is a valid transaction" and that they would get back to me in a week or so. No guarantees that they will be able to find anything. Sounds like they are trying to blame Hilton.
Called Hilton to report the fraud. Hilton stated that they could see 2 separate transactions in my account. One for 114,500 and one for 134,000 (I know the math doesn't add up; who knows). Hilton said they would have to talk to Amazon "to determine if the points transfer was valid" and they would contact me "if there was anything they could do". Sounds like they are trying to blame Amazon. No guarantees that they will find anything.
I am a long time Hilton Honors member and Hilton credit cardholder. Very loyal to the brand as they have always treated me well during my stays. I've been a Prime member for many years as well. I'm not sure if this is an Amazon.com problem or a Hilton security problem. All passwords have been changed for both accounts and credit card. As a precaution, I removed all payment sources from both accounts as well.
Any advice is greatly appreciated. This really puts a burden on my travel expenses as I was using them to pay for stays while travelling for my business.
Called Amazon and was told that they have no record of the transaction taking place and there is no purchase using points in my history. They basically said there is nothing they can do except talk with Hilton to see if "this is a valid transaction" and that they would get back to me in a week or so. No guarantees that they will be able to find anything. Sounds like they are trying to blame Hilton.
Called Hilton to report the fraud. Hilton stated that they could see 2 separate transactions in my account. One for 114,500 and one for 134,000 (I know the math doesn't add up; who knows). Hilton said they would have to talk to Amazon "to determine if the points transfer was valid" and they would contact me "if there was anything they could do". Sounds like they are trying to blame Amazon. No guarantees that they will find anything.
I am a long time Hilton Honors member and Hilton credit cardholder. Very loyal to the brand as they have always treated me well during my stays. I've been a Prime member for many years as well. I'm not sure if this is an Amazon.com problem or a Hilton security problem. All passwords have been changed for both accounts and credit card. As a precaution, I removed all payment sources from both accounts as well.
Any advice is greatly appreciated. This really puts a burden on my travel expenses as I was using them to pay for stays while travelling for my business.
I have send multiple emails to Hilton Management stating they should MASK the Account numbers when emailing statements - Nothing done/no acknowledgement
On the other Hand Marriott will mask the A/C number in monthly emails and show only few last digits
Apr 30, 2019, 8:35 am
#29
Join Date: Oct 2012
Posts: 7
I would recommend anyone that hasn't changed their password in awhile change it.
Apr 30, 2019, 8:48 am
#30
FlyerTalk Evangelist
Join Date: Apr 2001
Location: NYC
Posts: 27,227
I was reading the other day about how much phone scammers/spoofers have generated in revenues recently -- in the billions! And IIRC, it surprisingly wasn't from the elderly, it was from millennials. I just can't fathom how many people must be getting duped by the scams, but then again, ~half this country is inordinately stupid.