Go Back  FlyerTalk Forums > Miles&Points > Hotels and Places to Stay > Hilton | Hilton Honors
Reload this Page >

Points Missing or Fraudulent Activity in Hilton Honors Account

Points Missing or Fraudulent Activity in Hilton Honors Account

Old Sep 23, 2021, 2:11 pm
  #91  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,183
It's sad that the problem could largely have been avoided if you had received an automatic notification (to the email account that you had on file previously) of the email address being changed.
MSPeconomist is offline  
Old Sep 23, 2021, 3:31 pm
  #92  
 
Join Date: Mar 2009
Programs: Hilton credit card Diamond, Hyatt Globalist
Posts: 2,648
Originally Posted by MSPeconomist
It's sad that the problem could largely have been avoided if you had received an automatic notification (to the email account that you had on file previously) of the email address being changed.
Not necessarily, if the hacker has access to the victim's e-mail account, he can just delete the notification.
jbeckett is offline  
Old May 11, 2022, 3:48 am
  #93  
 
Join Date: May 2022
Programs: hhoners
Posts: 2
Originally Posted by Hilton Honors Ambassador
I would be glad to pass this along if you will send me your name and Honors account number to reference.

Best regards,

William
hi Hilton Honors Ambassador
i am not sure if you can help me but i just found out that my account was emptied on hotel stays that i did not make. could you help me please as i was saving those points year over year for something special -we are having a baby after waiting 10 years- and when the time comes to use them i was shocked to see that they were stolen back in march/april 2022. i sent an email to hhfrudprotection but i am so desperate so i thought maybe you could help me.

i am so sad
please let me know if you can help me.

Last edited by Canarsie; May 11, 2022 at 9:14 am Reason: Consolidation.
Fay Hashiim is offline  
Old May 17, 2022, 7:41 am
  #94  
Company Representative - Honors by Hilton
 
Join Date: Aug 2009
Programs: Hilton Honors
Posts: 1,515
Originally Posted by Fay Hashiim
hi Hilton Honors Ambassador
i am not sure if you can help me but i just found out that my account was emptied on hotel stays that i did not make. could you help me please as i was saving those points year over year for something special -we are having a baby after waiting 10 years- and when the time comes to use them i was shocked to see that they were stolen back in march/april 2022. i sent an email to hhfrudprotection but i am so desperate so i thought maybe you could help me.

i am so sad
please let me know if you can help me.
I'm very sorry to hear this happened, but the only help I can offer is to be sure that the fraud team is aware and is working on the issue. If you still need assistance, send me the following information in a private message here at FlyerTalk:

Full name
Honors account number
Case number, if you have one.

Best regards,

William
Hilton Honors Ambassador is offline  
Old May 19, 2022, 1:58 am
  #95  
 
Join Date: May 2022
Programs: hhoners
Posts: 2
Originally Posted by Hilton Honors Ambassador
I'm very sorry to hear this happened, but the only help I can offer is to be sure that the fraud team is aware and is working on the issue. If you still need assistance, send me the following information in a private message here at FlyerTalk:

Full name
Honors account number
Case number, if you have one.

Best regards,

William

hi william
thank you for your help. the fraud team did an amazing job already.

have a good day
Fay Hashiim is offline  
Old Aug 27, 2022, 3:12 pm
  #96  
 
Join Date: May 2002
Location: Portland, OR
Programs: DL MM Plat, PC&HH Gold
Posts: 2,602
Stolen Honors points

Just got off the phone with a friend. He says a Hilton points reservation was just made with his points with the room reservation in his name, and an unknown 3rd party was added to the record.

Is anyone else running into this type of points theft?

My friend says he has extra security turned including 2-factor. If they did this online, Hilton has a serious security flaw somewhere. Anyone with access to the reservation system could pull this off.

Bottom line, keep on eye on your balances!
doglover is offline  
Old Aug 29, 2022, 8:53 am
  #97  
 
Join Date: May 2022
Posts: 2,063
Originally Posted by doglover
Just got off the phone with a friend. He says a Hilton points reservation was just made with his points with the room reservation in his name, and an unknown 3rd party was added to the record.

Is anyone else running into this type of points theft?

My friend says he has extra security turned including 2-factor. If they did this online, Hilton has a serious security flaw somewhere. Anyone with access to the reservation system could pull this off.

Bottom line, keep on eye on your balances!
Was this a past reservation? If not cancel it
Schnit is offline  
Old Oct 1, 2022, 4:53 pm
  #98  
 
Join Date: Oct 2022
Programs: HHonors, AAdvantage
Posts: 1
Exclamation Hilton account hacked and points redeemed on Amazon

Similar to a couple of folks in this thread, my HHonors account was hacked and they absconded with almost 2 million points. I was out for a couple of hours today and when I check my email, I had one that said:

- MARK, you have successfully added your phone number to your Hilton Honors account

followed by the follow emails (Subject line):
- Your Hilton Honors Account is now linked to Amazon.com
- Your Hilton Honors Points have been redeemed at Amazon.com
- Your Hilton Honors Points have been redeemed at Amazon.com
- Your Hilton Honors Points have been redeemed at Amazon.com
- Your Hilton Honors Points have been redeemed at Amazon.com
- Your Hilton Honors Points have been redeemed at Amazon.com

In total, 1,952,170 points were redeemed. I didn't even know you could redeem Hilton points on Amazon. It appears account was hacked, then they added a phone number to my account, made it the preferred phone number, and made that number my "enhanced security" number. When I tried to log in to the website, my password didn't work (obviously changed), so I reset it using my email address on file, and logged in. I couldn't remove the new phone number from my list and when I tried to change the phone number for 2FA, it wanted to text me a verification code - which I obviously couldn't receive.

HHonors rep on the phone opened up a fraud case and documented the particulars. They said the fraud team should get back to me in 5-7 business days. I'll update this thread if and when that happens. Seems like this happened a fair amount back in 2019 per multiple web sites. Apparently both Amazon and Hilton are pointing fingers at each other. That amount of points taken amounts to about $4,000 on Amazon purchases.

Relevant Links:
Hilton Denies Points Getting Stolen through Amazon is a Widespread Issue (thriftytraveler.com)
thriftytraveler.com/news/hotels/hilton-points-stolen-amazon-widespread-issue/
How do I use my Points to shop on Amazon? (hilton.com)
help.hilton.com/s/article/How-do-I-use-my-Points-to-shop-on-Amazon
amazon.com/HiltonHonors
MarkRR is offline  
Old Oct 1, 2022, 5:39 pm
  #99  
 
Join Date: Apr 2002
Location: Atlanta Metro
Programs: DL , AC, BA, Hhonors Diamond, IH Platinum, Bonvoy Gold, Hyatt Discoverist
Posts: 2,333
I went ahead and linked my Hhonors account to my Amazon account after reading previous stories about this. I think that makes it harder for thieves to do this.

It's just awful. People are just no damn good.
hotturnip is offline  
Old Oct 7, 2022, 12:32 pm
  #100  
 
Join Date: May 2007
Location: Seattle area
Programs: Peasant at large
Posts: 595
Originally Posted by hotturnip
I went ahead and linked my Hhonors account to my Amazon account after reading previous stories about this. I think that makes it harder for thieves to do this.

It's just awful. People are just no damn good.
Unfortunately, it's just a minor speed bump. Might even stop a random high school kid who was messing around but these types of attacks are lucrative you're looking at professionals more often than not.

Until Hilton (and other similar companies) get serious about security, there's little we as consumers can do. This walled-garden security model is just flawed by definition but is widespread. No critical action should be permissible without secondary authorization with an independent authentication mechanism. Changing any primary contact information or method should be considered a critical action and should not be completed just because you're currently logged in. Even if the user does not have 2FA/MFA setup, requiring verification on existing primary contact points (email and/or phone) adds a lot more friction for the attacker with just marginal extra effort on the user (both to setup and to use).

If @MarkRR has the time, I'd recommend hitting Hilton up on twitter so there's a public record of it and given the $ value, lodge a police or FBI report. FTC and DOJ have similar mechanisms also. Every data point helps these people get better at tracking and finding the bad guys.
SPN Lifer likes this.
crunchie is offline  
Old Nov 9, 2022, 5:00 pm
  #101  
In Memoriam, FlyerTalk Evangelist
 
Join Date: Jul 2002
Location: Durham, NC (RDU/GSO/CLT)
Programs: AA EXP/MM, DL GM, UA Platinum, HH DIA, Hyatt Explorist, IHG Platinum, Marriott Titanium, Hertz PC
Posts: 33,857
Someone accessed my account and used 40,000 points to book a room at the Homewood Suites Sacramento Airport-Natomas tonight. I learned this when I got an email saying points were deducted. I called the Diamond number and the agent managed to quickly handle the situation by cancelling the reservation and refunding the points. I checked with the hotel too and they show the reservation as cancelled and flagged as fraud.

Not the smartest criminal, he listed presumably his name as an additional guest along with an email.
SPN Lifer likes this.
CMK10 is offline  
Old Nov 9, 2022, 5:53 pm
  #102  
 
Join Date: May 2022
Posts: 2,063
Originally Posted by CMK10
Someone accessed my account and used 40,000 points to book a room at the Homewood Suites Sacramento Airport-Natomas tonight. I learned this when I got an email saying points were deducted. I called the Diamond number and the agent managed to quickly handle the situation by cancelling the reservation and refunding the points. I checked with the hotel too and they show the reservation as cancelled and flagged as fraud.

Not the smartest criminal, he listed presumably his name as an additional guest along with an email.
Good thing you caught so quickly
Schnit is offline  
Old Nov 28, 2022, 3:31 pm
  #103  
 
Join Date: Nov 2022
Posts: 3
Originally Posted by Hilton Honors Ambassador
I would be glad to pass this along if you will send me your name and Honors account number to reference.

Best regards,

William
William, I am expereincing the same issue. Would you mind reaching out on my behalf please? I would greatly appreciate it.

Thank you,
Brooke Sieff
bsieff is offline  
Old Nov 28, 2022, 4:00 pm
  #104  
Moderator Hilton Honors, Travel News, West, The Suggestion Box, Smoking Lounge & DiningBuzz
 
Join Date: Jun 2000
Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite
Posts: 35,965
Welcome to FlyerTalk!

Send him a Private Message tomorrow (he's out of the office through today) with the information about your account.

cblaisd, Co-Moderator, Hilton forum
bsieff likes this.
cblaisd is offline  
Old Nov 28, 2022, 4:18 pm
  #105  
 
Join Date: Nov 2022
Posts: 3
Thank you so much for your propt reply. I would be glad to do so, however, I do not see the option to private message Hilton Honors Ambassador like I do on other accounts. Would you be able to advise how to go about that please?

Thanks again.
Brooke
bsieff is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.