WARNING (3rd-Party source): possible IHG Data Breach and member information leaked
#16
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
Not only 4 digit passwords but IHG is one of the few companies that doesn't lock your account after a certain number of failed tries. 9999 tries is easy for a bot.
I've been hacked in August and December. So far in December almost every day in spite of changing everything every day. Bizarre.
And I've heard from others having the same experience. What an IT !
I've been hacked in August and December. So far in December almost every day in spite of changing everything every day. Bizarre.
And I've heard from others having the same experience. What an IT !
#17
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
Such exposure of confidential customer information has been enough to provoke lawsuits against plenty of companies, including Equifax. Companies who have shown an egregious disregard for the security of customers' accounts and data are especially vulnerable to legal action in the event of large scale hacks.
#18
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
update: Changed my email and password yet again last night and yet again this morning I was hacked for about the 10th time in a week.
Told them to restore points and freeze my account until they use decent passwords. This is out of control now.
Told them to restore points and freeze my account until they use decent passwords. This is out of control now.
#19
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
The "second" attempt to guess a pin will be for a different account from a different computer. The 10 thousands attempt will be for yet another account from yet a different computer. And *Bingo* -- at least one bot will have hacked one of the 10000 accounts, simply by pure chance. And there's nothing, IHG can do against it, except introducing proper passwords.
One day later you can try the remaining 9999 accounts with your botnet again and get another hit. And the system easily scales.
HTB.
One day later you can try the remaining 9999 accounts with your botnet again and get another hit. And the system easily scales.
HTB.
#20
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
I was getting hacked everyday, once twice in a day. They're not even bothering to change emails so you don't get a notice now. And two people in my block have also had theirs hacked this week. At this rate every account will be emptied by the time IHG wakes up. Massive loss for restored points. So easily preventable.
#21
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
The problem is I have the IHG credit card and it's number is linked to my IHG rewards number. IHG evidently doesn't know how to change the link to a new number.
#22
Join Date: Apr 2008
Posts: 2,358
Considering this breach has happened to countless other Chase customers and IHG, I am confident that Chase has a solution to shut out the hackers of your account, assuming that the hackers also have your Chase IHG credit card number.
.
Last edited by dgcpaphd; Dec 22, 2017 at 12:13 pm
#23
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
correct, i sometimes logon twice on same laptop concurrently Mozilla and Chrome browsers, plus can logon 3rd time simultaneously on my android phone IHG App
#24
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
This mess with IHG has been going on so long. It keeps getting worse as hackers realize how easy it is. My dealing with them today was totally bizarre. Until the dust settles I'll keep mum as it's a huge mistake in my favor this time. Of course it will all be stolen tomorrow anyway.
I have never seen such a mess.
I have never seen such a mess.
#26
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
The fact remains that in the current mess the only way to protect yourself is eternal paranoid vigilance - checking your points total and registered email address at least once every 24 hours.
It's ridiculous that this should be necessary but IHG have consistently shown that they do not have the slightest regard for the account security or data integrity of their own customers. If they are somehow unaware that there is even a problem then it shows a degree of ignorance that is scarcely comprehensible. So choose between indifference or incompetence as to why they take no action. This is one reason why IHG would never be my primary program. What they've done to the website is really just rubbing salt into the wounds.
#29
Join Date: Mar 2011
Location: Silicon Valley, CA
Programs: IHG Diamond Ambassador
Posts: 194
I had over 200K points taken from my account tonight.
I called IHG and filed a claim of fraudulent use of my account.
Ambassador Services told me that Amazon gift cards were ordered with those points and that other Ambassadors as well as members have selectively had their points stolen.
I immediately deleted my IHG Credit Card from my IHG Rewards account that made making reservations so easy but now has obviously exposed that card to fraudulent use.
I called Chase IHG Credit card line and and they advised I place a hold on the card (up to 30 days but I can call and cancel any time) while I sort this out.
I changed my password and email address on my IHG Rewards account as advised by Ambassador Services.
I hope IHG Fraud Dept can find who is doing this from the address the Amazon gift cards were sent to.
I'm very disappointed to read that this is happening to other FlyerTalk members also.
I called IHG and filed a claim of fraudulent use of my account.
Ambassador Services told me that Amazon gift cards were ordered with those points and that other Ambassadors as well as members have selectively had their points stolen.
I immediately deleted my IHG Credit Card from my IHG Rewards account that made making reservations so easy but now has obviously exposed that card to fraudulent use.
I called Chase IHG Credit card line and and they advised I place a hold on the card (up to 30 days but I can call and cancel any time) while I sort this out.
I changed my password and email address on my IHG Rewards account as advised by Ambassador Services.
I hope IHG Fraud Dept can find who is doing this from the address the Amazon gift cards were sent to.
I'm very disappointed to read that this is happening to other FlyerTalk members also.
Last edited by Suite Disposition; Jan 11, 2018 at 5:44 am
#30
Join Date: Apr 2008
Posts: 2,358
IHG accepting a four digit PIN number to access our points and private information is hard to understand (or believe in this digital world we now live in).
Look at all the other hotel and airlines websites with long passwords that required a combination of capital letters and number and symbols. IHG, only a four digit PIN.
Yikes !