turner32 Jun 10, 2015 6:22 am

Account hacked, points spent
 
I just had an email from IHG thanking me for updating my profile, saying if it wasn't me, then I needed to contact them.
So I logged in and my email and contact number had been changed. I changed them back and amended the login PIN. However, upon logging in, I found that most of my points had gone.
Just spoken to AMB services, who promptly cancelled the "Redemption order event 1" as it was described in Account Activity, and it seems that "someone" had ordered Amazon vouchers on my account.
Luckily, the operator was able to cancel the transaction, as it had only just been processed, but I imagine it would have been a much bigger ordeal had I left it longer to call them. So, be careful!

FlyerTalker688786 Jun 10, 2015 9:31 am

Hi could you provide more info?

1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?

I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.

chrism20 Jun 10, 2015 10:04 am

Yes, thanks for letting us know.

A timely reminder to change our PINs I suppose.

I do wish IHG would change to passwords or at the very least longer PINs.

turner32 Jun 10, 2015 12:51 pm


Originally Posted by chongcao (Post 24948438)
Hi could you provide more info?

1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?

I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.

The email from IHG was genuine, it's automatically generated if any details are amended on the account.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery..

demue Jun 11, 2015 3:30 am

Hope all works out well. I really think IHG should introduce real passwords for accounts or at least extend the PIN concept to 6-digits.

Tim O'Brien Jun 11, 2015 8:29 am


Originally Posted by turner32 (Post 24949699)
The email from IHG was genuine, it's automatically generated if any details are amended on the account.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery..

with four digit pins, and millions of account numbers, i can't imagine it wld be a difficult job for even simple hackers, maybe the solution wld be an additional layer, like other sites, say answering a question the member has elected, mother's maiden name or other.

BRAISKI Jun 11, 2015 9:23 am

The stupid pin is ridiculous! If they want to continue with that maybe at least have Alpha-Numeric! Increases the security a bit!

htb Jun 11, 2015 10:43 am


Originally Posted by Tim O'Brien (Post 24953943)
with four digit pins, and millions of account numbers, i can't imagine it wld be a difficult job for even simple hackers, maybe the solution wld be an additional layer, like other sites, say answering a question the member has elected, mother's maiden name or other.

Anyone with a bot net can easily bypass any security measures IHG could take. Just try each arbitrary account number with two or three different pins, maybe hours apart. Every 10000 tries you get a hit.

It's a bit like finding a cash card and trying out three arbitrary PIN numbers at the next cash machine. Chances to win are better than playing the lottery. Plus the bank will claim that you must have written the PIN number on the back of your card because it would otherwise be impossible for the thief to have known the number...

HTB.

scubaccr Jun 11, 2015 12:47 pm


Originally Posted by turner32 (Post 24949699)
The email from IHG was genuine, it's automatically generated if any details are amended on the account.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery..

Although an improvement over Summer 2013, when points thefts first occurred and IHG were so unhelpful, this extra email notification won't prevent points thefts BUT could be used by IHG to deny replacement by saying it is the member's fault for not viewing their emails every day/every few hours.

Don't we only get 3 attempts at the PIN now before a 30-minute wait is implemented? On that basis, maybe the thief knew your PIN/member number somehow.

Previously no notification went to the existing email account when it was changed by a hacker/thief, so it could be days or weeks before the holder finds they cannot log in and reports an issue and the theft is known.

However, even with IHG now correctly notifying the existing email address of a change to the email address, UNLESS the member uses automatic email notification to e.g. mobile/BlackBerry, the thief can still get the emailed Amazon-type money voucher in 1-2 days and use it etc. before the member sees the email and contacts IHG.
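
Added example (not part of any post in this thread): a limit of 3 PIN attempts per account does not notice one or two wrong PINs spread across many accounts, and a notification email does not stop a redemption made minutes after contact details change. This Python code flags both patterns in a constructed event log; the log format, event names and thresholds are assumptions, not IHG's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: date, time, member number, event type.
# The format and event names are assumptions made for this example.
SAMPLE_LOG = """\
2015-06-10 03:00 100001 LOGIN_FAIL
2015-06-10 03:01 100002 LOGIN_FAIL
2015-06-10 03:02 100003 LOGIN_FAIL
2015-06-10 03:03 100004 LOGIN_FAIL
2015-06-10 03:04 100005 LOGIN_OK
2015-06-10 03:06 100005 CONTACT_CHANGE
2015-06-10 03:09 100005 REDEEM
2015-06-10 09:00 200001 LOGIN_FAIL
2015-06-10 09:01 200001 LOGIN_OK
2015-06-12 10:00 200001 REDEEM
"""

def parse(log):
    events = []
    for line in log.splitlines():
        date, clock, account, kind = line.split()
        when = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M")
        events.append((when, account, kind))
    return sorted(events)

def spray_windows(events, window=timedelta(minutes=30), min_accounts=4):
    """Windows in which many *different* accounts each log a failure.
    A per-account lockout never fires here, so count across accounts.
    min_accounts must be tuned against the site's normal failure rate."""
    fails = [(t, a) for t, a, k in events if k == "LOGIN_FAIL"]
    hits = []
    for i, (start, _) in enumerate(fails):
        accounts = {a for t, a in fails[i:] if t - start <= window}
        if len(accounts) >= min_accounts:
            hits.append((start, len(accounts)))
    return hits

def redemptions_to_hold(events, hold=timedelta(hours=48)):
    """Redemptions placed within `hold` of a contact-detail change."""
    last_change, held = {}, []
    for when, account, kind in events:
        if kind == "CONTACT_CHANGE":
            last_change[account] = when
        elif kind == "REDEEM" and account in last_change:
            if when - last_change[account] <= hold:
                held.append((account, when))
    return held
```

Holding a flagged redemption until the old contact address confirms it gives the member time to react before a voucher is delivered.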

Dave Noble Jun 11, 2015 1:18 pm


Originally Posted by BRAISKI (Post 24954216)
The stupid pin is ridiculous! If they want to continue with that maybe at least have Alpha-Numeric! Increases the security a bit!

It wouldn't be a PIN then :)

iflyjetz Jun 12, 2015 1:54 pm


Originally Posted by htb (Post 24954694)
Anyone with a bot net can easily bypass any security measures IHG could take. Just try each arbitrary account number with two or three different pins, maybe hours apart. Every 10000 tries you get a hit.

You can do MUCH better. More than 25% of PINs are 10 combinations. 1234 is used by more than 10% of people. http://www.huffingtonpost.com/2013/0...n_3696560.html

If you see your PIN listed in the above article, you should consider something different.

TomRI Jun 12, 2015 8:52 pm

New pins
 
Hilton changed from the 1234 pin to the Alphanum pin; IHG can too.

turner32 Jun 15, 2015 2:40 am

To update, they closed my account without informing me. Will have to speak to someone..

IHG Service Jun 15, 2015 7:23 am

Dear turner32,

Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.

Sincerely,

Karen C.
Case Manager
IHGCare

turner32 Jun 15, 2015 8:32 am


Originally Posted by IHG Care (Post 24972246)
Dear turner32,

Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.

Sincerely,

Karen C.
Case Manager
IHGCare




Thanks for your comments, Karen. I've contacted Ambassador services who informed me that my account was closed 4 days ago, due to unauthorized activity that took place. Unfortunately, no-one bothered to inform me of this, and now my account cannot be released for a couple of days at least. :td:


All times are GMT -6.