WARNING (3rd-Party source): possible IHG Data Breach and member information leaked

Old Jan 11, 2018, 5:47 am
  #31  
 
Join Date: Mar 2011
Location: Silicon Valley, CA
Programs: IHG Diamond Ambassador
Posts: 194
Originally Posted by dgcpaphd
Can you think of a good reason IHG refuses to have a strong password for accessing our accounts?
I have asked to be called when IHG completes their investigation regarding my fraudulently used points and your question about passwords is one I am going to ask them.
Suite Disposition is offline  
Old Jan 11, 2018, 5:34 pm
  #32  
 
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
Perhaps we can start with a list of all the businesses on the internet in 2018 who have a 4-digit PIN as their account password?

I'll start by listing all the ones I know.

1) ihg.com
yurtripper is offline  
Old Jan 11, 2018, 6:50 pm
  #33  
 
Join Date: Apr 2008
Posts: 2,358
Originally Posted by yurtripper
Perhaps we can start with a list of all the businesses on the internet in 2018 who have a 4-digit PIN as their account password?

I'll start by listing all the ones I know.

1) ihg.com
Funny!

Although I really like to stay at IHG hotels, I am at a loss for understanding why protection over security of guests' password and other personal guest information means little (or nothing) to IHG.

I base my foregoing strong statement on the fact of the weak security to IHG website, guests' data. For example, a four-digit numeric password PIN is tantamount to an invitation for a not-so-skilled hacker to steal guests' points. And, it happens often.

IHG might have a representative who reads IHG threads for IHG management. Hopefully, that is so and perhaps a representative can push IHG management to focus on how many points IHG must replace for customers who have been robbed of points from their IHG account.

The aggravation that guests endure knowing their accounts get hacked plus the time and effort to contact IHG to have the stolen points replaced is inexcusable because this happens because of the weak PIN used by IHG.

Among other things, I suggest IHG take a look at Hilton's and Marriott's web site. I suppose some sophisticated hacker could break into an account with those hotels, but it would take a fair amount of effort. However, with the simple four-digit password PIN used by IHG, it is no wonder guest accounts are repeatedly hacked.

I guess I beat this horse to death.
dgcpaphd is offline  
Old Jan 11, 2018, 9:18 pm
  #34  
 
Join Date: Mar 2011
Location: Silicon Valley, CA
Programs: IHG Diamond Ambassador
Posts: 194
Originally Posted by Suite Disposition
I had over 200K points taken from my account tonight.
I called IHG and filed a claim of fraudulent use of my account.
It has only been 1 business day and IHG put all the points taken fraudulently back into my account, so I am happy about that.
I had Ambassador services open a new rewards account with a new account number.

My points and status transferred correctly but my promotion registrations didn't. When they finally did register me for Accelerate, I was given entirely different challenges than I got in December which I am working on getting fixed. The Chase Anniversary night is missing as is my registration and stays for the Mastercard Priceless Experiences promotion.

I had Chase change my IHG credit card account number. I will be talking to Chase Credit Card Fraud dept tomorrow to find out if they have an open investigation and are looking into if our IHG Co-Branded Chase credit cards that were held on IHG's website as our payment methods have been compromised.

I was told that IHG will be switching to passwords but they didn't have a date as to when this will take place. I was told that the website security measures were being increased because of this hack but the representative could not tell me specifics of what was being done.

This has become a huge hassle and I am frustrated knowing that this has happened to other people and I cannot get any information from IHG about how this happened and what specific security measures are being updated to protect our account information.

Last edited by Suite Disposition; Jan 12, 2018 at 2:02 am
Suite Disposition is offline  
Old Jan 12, 2018, 8:58 am
  #35  
 
Join Date: Sep 2015
Location: flyover country
Posts: 2,435
Originally Posted by dgcpaphd
I guess I beat this horse to death.
Yes, but it was a horse worth beating, although it was likely dead from others' beatings before you started.
serpens is online now  
Old Jan 14, 2018, 6:45 pm
  #36  
 
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
Update - Points still safe in reservations

Originally Posted by tassojunior
update:

My stablely slow genius finally kicked in and I figured this out.

Simply reserve as many nights as you have points for as far in the future as you can and cancel and reinstate whenever you need.
Others were skeptical this would work but it's been almost 3 weeks and my points are untouched. Before I was getting hacked every day for weeks.

Once your points are in reservations I don't think the hackers are sophisticated enough to get into reservations and cancel them for the points. This may be a bot.

After a month of this nonsense on my account and many others I know of, finally a huge mistake was made in my favor and I can confirm the company has no idea what the hell they're doing or what is going on.
tassojunior is offline  
Old Jan 15, 2018, 8:10 am
  #37  
 
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
Originally Posted by tassojunior
[snipped]I can confirm the company has no idea what the hell they're doing or what is going on.
Thanks for the DP but I think I (and countless others) worked that out a long time ago!
yurtripper is offline  
Old Jan 22, 2018, 9:16 pm
  #38  
 
Join Date: May 2010
Location: WAS
Programs: Lotz
Posts: 1,534
update:
Well, the work-around to hide all your points in distant reservations does not work.

After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.

The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
tassojunior is offline  
Old Jan 23, 2018, 5:51 am
  #39  
 
Join Date: Dec 2016
Location: WAW
Programs: A3(*G), Marriott Platinum, Hilton Diamond, IHG Diamond Ambassador
Posts: 2,534
Originally Posted by tassojunior
update:
Well, the work-around to hide all your points in distant reservations does not work.

After hiding my points for a month I woke up this morning to an email about some HIX reservation I had not made. Checked my account and sure enough my reservations were being canceled as I watched. Phoned IHG, got a very intelligent csr and we froze the account and opened a new one. Half my points were all that were still there as someone had purchased an iPhone with the other half in those 10 minutes. Now waiting for them to cancel that order and return those points plus my Chase free night.

The csr says she does about 2 or 3 of these per day and she's sure they will do away with the 4-digit pin soon. I'm surprised she only handles 2 or 3 per day.
Yes. Myself and others have posted specific reasons why the points booking trick does not protect you against account hacks, yet the myth that it does persistently reappears on this forum.

It's a pity you had to find this out the hard way but thanks for reporting your experiences. Hopefully this will help others avoid the complacency that they can secure their accounts merely by allocating their free points to dummy reservations.
yurtripper is offline  

