Account hacked, points spent
I just had an email from IHG thanking me for updating my profile, saying if it wasn't me, then I needed to contact them.
So I logged in and my email and contact number had been changed. I changed them bag and amended the login PIN. However, upon logging in, I found that most of my points had gone. Just spoken to AMB services, who promptly cancelled the "Redemption order event 1" as it was described in Account Activity, and it seems that "someone" had ordered Amazon vouchers on my account. Luckily, the operator was able to cancel the transaction, as it had only just been processed, but I imagine it would have been a much bigger ordeal had I left it longer to call them. So, be careful! |
Hi could you provide more info?
1>, Is the email from IHG about updating your information genuine? 2>, Have you logged in to IHG in public computers recently? 3>, Have you told anyone of your IHG membership number? I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again. |
Yes, thanks for letting us know.
A timely reminder to change our PINs I suppose. I do wish IHG would change to passwords or at the very least longer PINs. |
Originally Posted by chongcao
(Post 24948438)
Hi could you provide more info?
1>, Is the email from IHG about updating your information genuine? 2>, Have you logged in to IHG in public computers recently? 3>, Have you told anyone of your IHG membership number? I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again. I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery.. |
Hope all works out well. I really think IHG should introduce real passwords for accounts or at least extend the PIN concept to 6-digits.
|
Originally Posted by turner32
(Post 24949699)
The email from IHG was genuine, it's automatically generated if any details are amended on the account.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery.. |
The stupid pin is ridiculous! If they want to continue with that maybe at least have Alpha-Numeric! Increases the security a bit!
|
Originally Posted by Tim O'Brien
(Post 24953943)
with four digit pins, and millions of account numbers, i can't imagine it wld be a difficult job for even simple hackers, maybe the solution wld be an additional layer, like other sites, say answering a question the member has elected, mother's maiden name or other.
It's a bit like finding a cash card and trying out three arbitrary PIN numbers at the next cash machine. Chances to win are better than playing the lottery. Plus the bank will claim that you must have written the PIN number on the back of your card because it would otherwise be impossible for the thief to have known the number... HTB. |
Originally Posted by turner32
(Post 24949699)
The email from IHG was genuine, it's automatically generated if any details are amended on the account.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery.. Don't we only get 3attempts at pin now before a 30minute wait is implemented so on that basis maybe theif knew your pin/member-number somehow Previously no notification went to existing email account when it was changed by a hacker/theif, so it could be days or weeks before holder finds they can not login and reports an issue and theft is known. However even with IHG now correctly notifying existing email address of change to email address, UNLESS member uses automatic email notification to eg mobile/blackberry the theif can still get the emailed amazon type money voucher in 1-2days and use it etc before member sees email and contacts IHG |
Originally Posted by BRAISKI
(Post 24954216)
The stupid pin is ridiculous! If they want to continue with that maybe at least have Alpha-Numeric! Increases the security a bit!
|
Originally Posted by htb
(Post 24954694)
Anyone with a bot net can easily bypass any security measures IHG could take. Just try each arbitrary account number with two or three different pins, maybe hours apart. Every 10000 tries you get a hit.
If you see your PIN listed in the above article, you should consider something different. |
New pins
Hilton changed from the 1234 pin to the Alphanum pin IHG can too
|
to update, they closed my account without informing me. Will have to speak to someone..
|
Dear turner32,
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card. Sincerely, Karen C. Case Manager IHGCare |
Originally Posted by IHG Care
(Post 24972246)
Dear turner32,
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card. Sincerely, Karen C. Case Manager IHGCare Thanks for your comments, Karen. I've contacted Ambassador services who informed me that my account was closed 4 days ago, due to unauthorized activity that took place. Unfortunately, no-one bothered to inform me of this, and now my account cannot be released for a couple of days at least. :td: |
All times are GMT -6. The time now is 10:58 pm. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.