WARNING (3rd-Party source): possible IHG Data Breach and member information leaked
#31
Join Date: Mar 2011
Location: Silicon Valley, CA
Programs: IHG Diamond Ambassador
Posts: 194
#32
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
Perhaps we can start with a list of all the businesses on the internet in 2018 who have a 4-digit PIN as their account password?
I'll start by listing all the ones I know.
1) ihg.com
I'll start by listing all the ones I know.
1) ihg.com
#33
Join Date: Apr 2008
Posts: 2,358
Although I really like to stay at IHG hotels, I am at a loss for understanding why protection over security of guests' password and other personal guest information means little (or nothing) to IHG.
I base my foregoing strong statement on the fact of the weak security to IHG website, guests' data. For example, a four digit numeric password PIN is tantamount to an invitation for a not-so-skilled hacker to steal guests' points. And, it happens often.
IHG might have a representative who reads IHG threads for IHG management. Hopefully, that is so and perhaps a representative can push IHG management to focus on how many points IHG must replace for customers who have been robbed of points from their IHG account.
The aggravation that guests endure knowing their accounts get hacked plus the time and effort to contact IHG to have the stolen points replaced is inexcusable because this happens because of the weak PIN used by IHG.
Among other things, I suggest IHG take a look at Hilton's and Marriott's web site. I suppose some sophisticated hacker could break into an account with those hotels but it would take a fair amount of effort. However, with the simple four digit password PIN used by IHG, it is no wonder guest accounts are repeatedly hacked.
I guess I beat this horse to death.
#34
Join Date: Mar 2011
Location: Silicon Valley, CA
Programs: IHG Diamond Ambassador
Posts: 194
I had Ambassador services open a new rewards account with a new account number.
My points and status transferred correctly but my promotion registrations didn't. When they finally did register me for Accelerate, I was given entirely different challenges than I got in December which I am working on getting fixed. The Chase Anniversary night is missing as is my registration and stays for the Mastercard Priceless Experiences promotion.
I had Chase change my IHG credit card account number. I will be talking to Chase Credit Card Fraud dept tomorrow to find out if they have an open investigation and are looking into if our IHG Co-Branded Chase credit cards that were held on IHG's website as our payment methods have been compromised.
I was told that IHG will be switching to passwords but they didn't have a date as to when this will take place. I was told that the website security measures were being increased because of this hack but the representative could not tell me specifics of what was being done.
This has become a huge hassle and I am frustrated knowing that this has happened to other people and I can not get any information from IHG about how this happened and what specific security measures are being updated to protect our account information.
Last edited by Suite Disposition; Jan 12, 2018 at 2:02 am
#36
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
udate- Points still safe in reservations
Once your points are in reservations I don't think the hackers are sophisticated enough to get into reservations and cancel them for the points. This may be a bot.
After a month of this nonsense on my account and many others I know of, finally a huge mistake was made in my favor and I can confirm the company has no idea what the hell they're doing or what is going on.
#37
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
#38
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
update:
Well, the work-around to hide all your points in distant reservations does not work.
After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.
The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
Well, the work-around to hide all your points in distant reservations does not work.
After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.
The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
#39
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
update:
Well, the work-around to hide all your points in distant reservations does not work.
After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.
The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
Well, the work-around to hide all your points in distant reservations does not work.
After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.
The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
It's a pity you had to find this out the hard way but thanks for reporting your experiences. Hopefully this will help others avoid the complacency that they can secure their accounts merely by allocating their free points to dummy reservations.