Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Hilton | Hilton Honors
Reload this Page >

HHonors Points Stolen Through Amazon.com

HHonors Points Stolen Through Amazon.com

Old Jul 25, 2019, 10:12 pm
  #106  
 
Join Date: Oct 2011
Posts: 54
Since you're using the same internet network but just changed PC, there wouldn't be an alert thus not asking for an enhanced verification,
They must have put a system where this would be asked for new connections/ip's/ new locations
psgfan12 is offline  
Old Jul 26, 2019, 12:00 am
  #107  
 
Join Date: Jan 2012
Location: Scottsdale, AZ
Programs: American ExecPlat, HHonors LT Diamond
Posts: 2
Happened to me the morning of 7/16 - had two emails at 5:00am in my inbox saying that my points had been redeemed at Amazon.com. I was up when they came in and saw that my point balance had gone from ~900K down to 70K.

I sent an email to the fraud dept at Hilton and called as soon as the Diamond desk opened (Lifetime Diamond).

They said they'd take care of it.

I hadn't heard anything until I got an email saying that my email address had been changed - when I logged on, it had been changed to an @hilton.com address. When I called in, they said that the fraud dept had taken control of the account & I would be issued a new one....

Have now been issued a new HHonors# & all points reinstated. Knowing what I know about frauds like this - no effort will be made to pursue the people who did it - free stuff.
teeepeee is offline  
Old Jul 26, 2019, 3:12 am
  #108  
 
Join Date: Mar 2015
Location: Dante's 6th Circle
Programs: British Airways, Hilton Hhonors, Avis, Hertz
Posts: 80
Originally Posted by sbiddle
There isn't a lot Hilton can do if people are being compromised (and it's clear at least some of the attacks are a direct result of this) because they're stupid enough to use the same password across multiple websites or services on the Internet.

It's basic security - you NEED to be using strong, unique passwords across EVERY website and service you visit. If you use the same password it's not a case of IF you'll be hacked, but WHEN.

Have unique strong passwords and a password manager and the Internet would be a much safer place for everybody. If you use the same password across multiple sites and your password(s) are currently on haveibeenpwned your chances of being compromised are significantly escalated.
Unique, strong passwords changed on a regular basis are a given. There's nothing Hilton can do about people's laziness or lack of cyber smarts, but that aside, there IS a several things Hilton can do...Offering two factor security and giving the ability to opt out of the Amazon and other such programs are a good start!
Now, I see in this thread that some have the option for two factor, which is well overdue...Having just checked my profile, I don't have the option...Hopefully it gets rolled quickly!
Crazyhotelguy likes this.
MoodyB is offline  
Old Jul 26, 2019, 5:44 am
  #109  
 
Join Date: Oct 2004
Location: Anywhere but home
Programs: UA 1K/MM, DL SM/MM, AA Gold, HH Dia, PC Plat, ALL Gold, MR Gold
Posts: 4,547
Being US-based, I was just able to select two-step verification in my Hilton Honors profile. It wasn't an option several days ago. I could choose between having a code sent to my phone or E-mail. I selected E-mail and received a code within seconds. I hope this works.
MoodyB likes this.
FlytheTail is offline  
Old Jul 26, 2019, 6:04 am
  #110  
 
Join Date: Dec 2011
Location: BOS
Programs: B6, Amtrak, DL, AA, Marriott, Hilton
Posts: 274
Just adding the data point, I was able to add it as well. Set up process works, but I forgot to try logging in from a different IP address last night to see if it every actually kicks in. I'm just a lowly Silver member, with under 100K points, so it's not like they're only offering it to high-volume customers!
MoodyB likes this.
octr202 is offline  
Old Jul 26, 2019, 10:00 am
  #111  
 
Join Date: Jan 2000
Location: ATL - DL DM/3MM - HH Lifetime Diamond - Marriott Lifetime Plat
Posts: 3,117
Originally Posted by FlytheTail
Being US-based, I was just able to select two-step verification in my Hilton Honors profile. It wasn't an option several days ago. I could choose between having a code sent to my phone or E-mail. I selected E-mail and received a code within seconds. I hope this works.
Thanks for that!
Was just able to complete the easy process.
Tomphot is offline  
Old Jul 29, 2019, 9:52 am
  #112  
 
Join Date: Jan 2011
Programs: AA
Posts: 28
My points were stolen on July 19, at which time I was told I'd have them back in 24-48 hours. I then received an email saying 7-10 business days. Today I called to check up on what's going on (still no points!) and was told it would take about 30 days because the FBI and Interpol are working the case and cannot reinstate the points until their investigation of "all the relevant IP addresses" is complete. So thorough! Interpol, even! Maybe they will get James Bond and Jack Reacher on the case!
Janepod is offline  
Old Jul 29, 2019, 10:01 am
  #113  
 
Join Date: Jun 2017
Programs: DL: DM UA: 1K
Posts: 27
My points were also stolen today. I called Hilton Honors Desk immediately and was told that the points will be reinstated within 3 - 5 business days. Let's see when I receive the points back to my account.
kazuyuki330 is offline  
Old Jul 29, 2019, 11:10 am
  #114  
 
Join Date: Aug 2002
Location: NYC
Posts: 334
Originally Posted by Petdog
I've lobbed in a request to Hilton customer service.
Pasted below is the response I received from Hilton re: two-factor authentication (2FA).

Summary: Contact Hilton customer service and request it. I called the Diamond desk; the agent wasn't familiar with the 2FA option and didn't have it on her own account, but tracked down the instructions and set 2FA up for me with a choice of email or text. It hasn't appeared yet. I'll check tomorrow from a different PC and IP address.

The full message:

Hi XXXX,

Thank you for your inquiry regarding 2 step authentication. We appreciate you taking the time to contact us.

Your loyalty towards Hilton is appreciated.

Please be requested to contact our chat support using below link and they will be happy to assist you with 2 factor authentication. They will send a security code on your registered e-mail ID or registered phone number, kindly share with them to enroll yourself for the authentication.

Link - http://hhonors3.hilton.com/en/support/index.html

As always, thanks for traveling with us and please let us know if you have any other questions. You can reach us any time at [email protected].

Happy travels,

XXXX
Corporate Guest Relations Specialist
Hilton Reservations and Customer Care
Petdog is offline  
Old Jul 29, 2019, 11:23 am
  #115  
 
Join Date: Sep 2006
Posts: 374
Just another data point - I'm also not being offered 2FA at this time.

Diamond, frequent stayer this year.
smithrh is offline  
Old Jul 30, 2019, 5:53 am
  #116  
 
Join Date: Oct 2004
Location: Anywhere but home
Programs: UA 1K/MM, DL SM/MM, AA Gold, HH Dia, PC Plat, ALL Gold, MR Gold
Posts: 4,547
I signed up for 2FA a few days ago and logged into my account yesterday from a different computer and different location. There was no request for the 2FA. Could that be because I had logged into my account on that computer a few days earlier?
FlytheTail is offline  
Old Jul 30, 2019, 1:49 pm
  #117  
 
Join Date: Aug 2002
Location: NYC
Posts: 334
Originally Posted by Petdog
Contact Hilton customer service and . . . the Diamond desk set 2FA up for me . . . . It hasn't appeared yet. I'll check tomorrow from a different PC and IP address.
The 2FA setting now appears in my profile ^

I wasn't prompted for it today (my guess is it's because it's from the same IP/PC as yesterday, though with a cleared cache). Still need to try from a different PC and IP.
Petdog is offline  
Old Jul 30, 2019, 2:57 pm
  #118  
 
Join Date: Oct 2000
Location: Seattle WA, USA
Programs: Hilton Diamond, Marriott LT Plat, AS Lounge
Posts: 3,478
Originally Posted by FlytheTail
I signed up for 2FA a few days ago and logged into my account yesterday from a different computer and different location. There was no request for the 2FA. Could that be because I had logged into my account on that computer a few days earlier?
Good question. This 2FA isn't behaving like the 2FA systems used by my financial institutions, email, etc. I keep going back to the wording I quoted before:

"Choose how you'd like to receive verification codes, and we'll send you one whenever we need to confirm your identity...."

They haven't told us their criteria for using the code. It would be nice to hear from someone who has been asked for the code to verify that it does indeed get triggered by something.
Westcoaster is offline  
Old Aug 3, 2019, 11:45 pm
  #119  
 
Join Date: Aug 2008
Location: MCO
Programs: DL-DM/1MM, HILTON-DIA, .HYATT-DIA/GLOB , IHG-PLT,HERTZ 5*, NATIONAL ES
Posts: 8,691
Just got hit for 700K

I have not traveled as much as of late and did not notice this issue until now. But now I am working with the fraud department to get the points back. I never received the email stating points were used and the activity does not show up in my honors account when logged in. Very odd I am none too pleased to have to deal with this, but oh well. It could be worse I guess.
Crazyhotelguy is offline  
Old Aug 4, 2019, 12:25 am
  #120  
 
Join Date: Dec 2012
Location: YVR, HNL
Programs: AS 75k, UA peon, BA Bronze, AC E50k, Marriott Plat, HH Diamond, Fairmont Plat (RIP)
Posts: 7,817
Originally Posted by Crazyhotelguy
I have not traveled as much as of late and did not notice this issue until now. But now I am working with the fraud department to get the points back. I never received the email stating points were used and the activity does not show up in my honors account when logged in. Very odd I am none too pleased to have to deal with this, but oh well. It could be worse I guess.
How do you know that it was an Amazon redemption then? If you never received any emails saying the points were used and the activity doesnt show in your account, how do you know this is what happened?
Finkface is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.