HHonors Points Stolen Through Amazon.com
#107
Join Date: Jan 2012
Location: Scottsdale, AZ
Programs: American ExecPlat, HHonors LT Diamond
Posts: 2
Happened to me the morning of 7/16 - had two emails at 5:00am in my inbox saying that my points had been redeemed at Amazon.com. I was up when they came in and saw that my point balance had gone from ~900K down to 70K.
I sent an email to the fraud dept at Hilton and called as soon as the Diamond desk opened (Lifetime Diamond).
They said they'd take care of it.
I hadn't heard anything until I got an email saying that my email address had been changed - when I logged on, it had been changed to an @hilton.com address. When I called in, they said that the fraud dept had taken control of the account & I would be issued a new one....
Have now been issued a new HHonors# & all points reinstated. Knowing what I know about frauds like this - no effort will be made to pursue the people who did it - free stuff.
I sent an email to the fraud dept at Hilton and called as soon as the Diamond desk opened (Lifetime Diamond).
They said they'd take care of it.
I hadn't heard anything until I got an email saying that my email address had been changed - when I logged on, it had been changed to an @hilton.com address. When I called in, they said that the fraud dept had taken control of the account & I would be issued a new one....
Have now been issued a new HHonors# & all points reinstated. Knowing what I know about frauds like this - no effort will be made to pursue the people who did it - free stuff.
#108
Join Date: Mar 2015
Location: Dante's 6th Circle
Programs: British Airways, Hilton Hhonors, Avis, Hertz
Posts: 80
There isn't a lot Hilton can do if people are being compromised (and it's clear at least some of the attacks are a direct result of this) because they're stupid enough to use the same password across multiple websites or services on the Internet.
It's basic security - you NEED to be using strong, unique passwords across EVERY website and service you visit. If you use the same password it's not a case of IF you'll be hacked, but WHEN.
Have unique strong passwords and a password manager and the Internet would be a much safer place for everybody. If you use the same password across multiple sites and your password(s) are currently on haveibeenpwned your chances of being compromised are significantly escalated.
It's basic security - you NEED to be using strong, unique passwords across EVERY website and service you visit. If you use the same password it's not a case of IF you'll be hacked, but WHEN.
Have unique strong passwords and a password manager and the Internet would be a much safer place for everybody. If you use the same password across multiple sites and your password(s) are currently on haveibeenpwned your chances of being compromised are significantly escalated.
Now, I see in this thread that some have the option for two factor, which is well overdue...Having just checked my profile, I don't have the option...Hopefully it gets rolled quickly!
#109
Join Date: Oct 2004
Location: Anywhere but home
Programs: UA 1K/MM, DL SM/MM, AA Gold, HH Dia, PC Plat, ALL Gold, MR Gold
Posts: 4,547
Being US-based, I was just able to select two-step verification in my Hilton Honors profile. It wasn't an option several days ago. I could choose between having a code sent to my phone or E-mail. I selected E-mail and received a code within seconds. I hope this works.
#110
Join Date: Dec 2011
Location: BOS
Programs: B6, Amtrak, DL, AA, Marriott, Hilton
Posts: 274
Just adding the data point, I was able to add it as well. Set up process works, but I forgot to try logging in from a different IP address last night to see if it every actually kicks in. I'm just a lowly Silver member, with under 100K points, so it's not like they're only offering it to high-volume customers!
#111
Join Date: Jan 2000
Location: ATL - DL DM/3MM - HH Lifetime Diamond - Marriott Lifetime Plat
Posts: 3,117
Being US-based, I was just able to select two-step verification in my Hilton Honors profile. It wasn't an option several days ago. I could choose between having a code sent to my phone or E-mail. I selected E-mail and received a code within seconds. I hope this works.
Was just able to complete the easy process.
#112
Join Date: Jan 2011
Programs: AA
Posts: 28
My points were stolen on July 19, at which time I was told I'd have them back in 24-48 hours. I then received an email saying 7-10 business days. Today I called to check up on what's going on (still no points!) and was told it would take about 30 days because the FBI and Interpol are working the case and cannot reinstate the points until their investigation of "all the relevant IP addresses" is complete. So thorough! Interpol, even! Maybe they will get James Bond and Jack Reacher on the case!
#114
Join Date: Aug 2002
Location: NYC
Posts: 334
Pasted below is the response I received from Hilton re: two-factor authentication (2FA).
Summary: Contact Hilton customer service and request it. I called the Diamond desk; the agent wasn't familiar with the 2FA option and didn't have it on her own account, but tracked down the instructions and set 2FA up for me with a choice of email or text. It hasn't appeared yet. I'll check tomorrow from a different PC and IP address.
The full message:
Hi XXXX,
Thank you for your inquiry regarding 2 step authentication. We appreciate you taking the time to contact us.
Your loyalty towards Hilton is appreciated.
Please be requested to contact our chat support using below link and they will be happy to assist you with 2 factor authentication. They will send a security code on your registered e-mail ID or registered phone number, kindly share with them to enroll yourself for the authentication.
Link - http://hhonors3.hilton.com/en/support/index.html
As always, thanks for traveling with us and please let us know if you have any other questions. You can reach us any time at [email protected].
Happy travels,
XXXX
Corporate Guest Relations Specialist
Hilton Reservations and Customer Care
Summary: Contact Hilton customer service and request it. I called the Diamond desk; the agent wasn't familiar with the 2FA option and didn't have it on her own account, but tracked down the instructions and set 2FA up for me with a choice of email or text. It hasn't appeared yet. I'll check tomorrow from a different PC and IP address.
The full message:
Hi XXXX,
Thank you for your inquiry regarding 2 step authentication. We appreciate you taking the time to contact us.
Your loyalty towards Hilton is appreciated.
Please be requested to contact our chat support using below link and they will be happy to assist you with 2 factor authentication. They will send a security code on your registered e-mail ID or registered phone number, kindly share with them to enroll yourself for the authentication.
Link - http://hhonors3.hilton.com/en/support/index.html
As always, thanks for traveling with us and please let us know if you have any other questions. You can reach us any time at [email protected].
Happy travels,
XXXX
Corporate Guest Relations Specialist
Hilton Reservations and Customer Care
#116
Join Date: Oct 2004
Location: Anywhere but home
Programs: UA 1K/MM, DL SM/MM, AA Gold, HH Dia, PC Plat, ALL Gold, MR Gold
Posts: 4,547
I signed up for 2FA a few days ago and logged into my account yesterday from a different computer and different location. There was no request for the 2FA. Could that be because I had logged into my account on that computer a few days earlier?
#117
Join Date: Aug 2002
Location: NYC
Posts: 334
I wasn't prompted for it today (my guess is it's because it's from the same IP/PC as yesterday, though with a cleared cache). Still need to try from a different PC and IP.
#118
Join Date: Oct 2000
Location: Seattle WA, USA
Programs: Hilton Diamond, Marriott LT Plat, AS Lounge
Posts: 3,478
"Choose how you'd like to receive verification codes, and we'll send you one whenever we need to confirm your identity...."
They haven't told us their criteria for using the code. It would be nice to hear from someone who has been asked for the code to verify that it does indeed get triggered by something.
#119
Join Date: Aug 2008
Location: MCO
Programs: DL-DM/1MM, HILTON-DIA, .HYATT-DIA/GLOB , IHG-PLT,HERTZ 5*, NATIONAL ES
Posts: 8,691
Just got hit for 700K
I have not traveled as much as of late and did not notice this issue until now. But now I am working with the fraud department to get the points back. I never received the email stating points were used and the activity does not show up in my honors account when logged in. Very odd I am none too pleased to have to deal with this, but oh well. It could be worse I guess.
#120
Join Date: Dec 2012
Location: YVR, HNL
Programs: AS 75k, UA peon, BA Bronze, AC E50k, Marriott Plat, HH Diamond, Fairmont Plat (RIP)
Posts: 7,817
I have not traveled as much as of late and did not notice this issue until now. But now I am working with the fraud department to get the points back. I never received the email stating points were used and the activity does not show up in my honors account when logged in. Very odd I am none too pleased to have to deal with this, but oh well. It could be worse I guess.