IHG Rewards Club Website Security

Old Apr 18, 14, 9:45 am
  #1  
Original Poster
 
Join Date: Dec 2000
Location: Orlando, FL, USA (MCO)
Programs: Hilton-Diamond, Virgin-Gold, BA-Silver
Posts: 21
IHG Rewards Club Website Security

After the recent Heartbleed website vulnerability was announced I went through and made sure that I am using strong unique passwords on all of my web logins.

In the case of IHG there is no option to create a password beyond a 4-digit numeric only PIN. This means that anyone with your IHG # (which is on every receipt half tucked under your room door) could hack into your account in just 9999 tries.

SCARY.

An email to IHG's Privacy Department ([email protected]) resulted only in an email stated "Thank you for your message, which we will pass on to IHG Rewards Club."
anative is offline  
Old Apr 18, 14, 10:47 am
  #2  
 
Join Date: Jan 2002
Location: Los Angeles, California
Programs: IHG Spire Elite, Marriott Platinum Elite, Hilton Diamond, Hertz President's Circle
Posts: 3,359
Doesn't matter. Changing passwords now is too late and useless.
CalItalian is offline  
Old Apr 19, 14, 2:55 pm
  #3  
 
Join Date: Apr 2000
Location: Chicago Illinois
Programs: 1MM UA
Posts: 1,746
Originally Posted by anative View Post
... anyone with your IHG # (which is on every receipt half tucked under your room door) could hack into your account in just 9999 tries.

SCARY.
You could get lucky. Since there are actually 10,000 four digit numbers, a hacker that stopped with 9999 could miss the one.
sosafan is offline  

Thread Tools
Search this Thread
Search Engine: