tassojunior

Not only 4 digit passwords but IHG is one of the few companies that doesn't lock your account after a certain number of failed tries. 9999 tries is easy for a bot.

I've been hacked in August and December. So far in December almost every day in spite of changing everything every day. Bizarre.

And I've heard from others having the same experience. What an IT !

yurtripper

Even those that notice in time and/or get redress will still have had their accounts compromised, which means some confidential information has fallen into the hands of hackers. This may even include CC details, for those who keep this on file (obviously not a good idea with IHG).

Such exposure of confidential customer information has been enough to provoke lawsuits against plenty of companies, including Equifax. Companies who have shown an egregious disregard for the security of customers' accounts and data are especially vulnerable to legal action in the event of large scale hacks.

tassojunior

update: Changed my email and password yet again last night and yet again this morning I was hacked for about the 10th time in a week.

Told them to restore points and freeze my account until they use decent passwords. This is out of control now.

tassojunior

I was getting hacked everyday, once twice in a day. They're not even bothering to change emails so you don't get a notice now. And two people in my block have also had theirs hacked this week. At this rate every account will be emptied by the time IHG wakes up. Massive loss for restored points. So easily preventable.

scubaccr

once u r hacked, ask for new ihg member account number, it is best as your acct number is already sold/known and will be repeatedly targetted

tassojunior

The problem is I have the IHG credit card and it's number is linked to my IHG rewards number. IHG evidently doesn't know how to change the link to a new number.

dgcpaphd

As Chase Bank is the card issuer for IHG, you might want to call Chase and explain the problem of the repeated hacking of your account to them.

Considering this breach has happened to countless other Chase customers and IHG, I am confident that Chase has a solution to shut out the hackers of your account, assuming that the hackers also have your Chase IHG credit card number.

.

scubaccr

correct, i sometimes logon twice on same laptop concurrently Mozilla and Chrome browsers, plus can logon 3rd time simultaneously on my android phone IHG App

tassojunior

This mess with IHG has been going on so long. It keeps getting worse as hackers realize how easy it is. My dealing with them today was totally bizarre. Until the dust settles I'll keep mum as it's a huge mistake in my favor this time. Of course it will all be stolen tomorrow anyway.

I have never seen such a mess.

tassojunior

update:

My stablely slow genius finally kicked in and I figured this out.

Simply reserve as many nights as you have points for as far in the future as you can and cancel and reinstate whenever you need.

yurtripper

If your account is compromised then the hacker can change the email address before cancelling those reservations and booking a different one, whether on their own behalf or somebody else's. That means you won't receive a confirmation that your reservation has been cancelled and will thereby remain unaware.

The fact remains that in the current mess the only way to protect yourself is eternal paranoid vigilance - checking your points total and registered email address at least once every 24 hours.

It's ridiculous that this should be necessary but IHG have consistently shown that they do not have the slightest regard for the account security or data integrity of their own customers. If they are somehow unaware that there is even a problem then it shows a degree of ignorance that is scarcely comprehensible. So choose between indifference or incompetence as to why they take no action. This is one reason why IHG would never be my primary program. What they've done to the website is really just rubbing salt into the wounds.

patchan8984

Just got hacked an hour ago. Luckily I check multiple times a day (sad, right?) and am on hold with CS to fix. What a mess...

Pseudo Nym

I do that too, checking multiple times a day. Once I get into office I log in and refresh throughout the day. Once I get home at night, I turn on my app to check and make sure my points are intact.

Suite Disposition

I had over 200K points taken from my account tonight.
I called IHG and filed a claim of fraudulent use of my account.
Ambassador Services told me that Amazon gift cards were ordered with those points and that other Ambassadors as well as members have selectively had their points stolen.
I immediately deleted my IHG Credit Card from my IHG Rewards account that made making reservations so easy but now has obviously exposed that card to fraudulent use.
I called Chase IHG Credit card line and and they advised I place a hold on the card (up to 30 days but I can call and cancel any time) while I sort this out.
I changed my password and email address on my IHG Rewards account as advised by Ambassador Services.
I hope IHG Fraud Dept can find who is doing this from the address the Amazon gift cards were sent to.
I'm very disappointed to read that this is happening to other FlyerTalk members also.

dgcpaphd

Can you think of a good reason IHG refuses to have a strong password for accessing our accounts?

IHG accepting a four digit PIN number to access our points and private information is hard to understand (or believe in this digital world we now live in).

Look at all the other hotel and airlines websites with long passwords that required a combination of capital letters and number and symbols. IHG, only a four digit PIN.

Yikes !