Account hacked, points spent
Jun 10, 2015, 6:22 am
#1
Original Poster
Join Date: Aug 2009
Location: UK
Programs: IHG
Posts: 1,316
Account hacked, points spent
I just had an email from IHG thanking me for updating my profile, saying if it wasn't me, then I needed to contact them.
So I logged in and my email and contact number had been changed. I changed them bag and amended the login PIN. However, upon logging in, I found that most of my points had gone.
Just spoken to AMB services, who promptly cancelled the "Redemption order event 1" as it was described in Account Activity, and it seems that "someone" had ordered Amazon vouchers on my account.
Luckily, the operator was able to cancel the transaction, as it had only just been processed, but I imagine it would have been a much bigger ordeal had I left it longer to call them. So, be careful!
So I logged in and my email and contact number had been changed. I changed them bag and amended the login PIN. However, upon logging in, I found that most of my points had gone.
Just spoken to AMB services, who promptly cancelled the "Redemption order event 1" as it was described in Account Activity, and it seems that "someone" had ordered Amazon vouchers on my account.
Luckily, the operator was able to cancel the transaction, as it had only just been processed, but I imagine it would have been a much bigger ordeal had I left it longer to call them. So, be careful!
Jun 10, 2015, 9:31 am
#2
Suspended
Join Date: Jul 2007
Posts: 4,477
Hi could you provide more info?
1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?
I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.
1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?
I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.
Jun 10, 2015, 12:51 pm
#4
Original Poster
Join Date: Aug 2009
Location: UK
Programs: IHG
Posts: 1,316
Hi could you provide more info?
1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?
I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.
1>, Is the email from IHG about updating your information genuine?
2>, Have you logged in to IHG in public computers recently?
3>, Have you told anyone of your IHG membership number?
I think it is easy for hackers to hack into your IHG account due to the weak password protection. But thank you for the thread! I will certainly watch out every hour again.
I don't use public computers, nor have I disclosed my account number, so it's a bit of a mystery..
Jun 11, 2015, 3:30 am
#5
Join Date: May 2004
Location: SIN (LEJ once a year)
Programs: SQ, LH, BA, IHG Diamond AMB, HH Gold, SLH Indulged, Accor Gold, Hyatt Discoverist
Posts: 7,739
Hope all works out well. I really think IHG should introduce real passwords for accounts or at least extend the PIN concept to 6-digits.
Jun 11, 2015, 8:29 am
#6
Join Date: Jan 2010
Location: NYC
Programs: IHG, RC, HH, AA, QF, UA, Aeroplan
Posts: 2,690
with four digit pins, and millions of account numbers, i can't imagine it wld be a difficult job for even simple hackers, maybe the solution wld be an additional layer, like other sites, say answering a question the member has elected, mother's maiden name or other.
Jun 11, 2015, 10:43 am
#8
Join Date: Aug 2005
Programs: UA*G(1K), PC Diamond Amb, Marriott Titanium, Accor Platinum
Posts: 4,671
It's a bit like finding a cash card and trying out three arbitrary PIN numbers at the next cash machine. Chances to win are better than playing the lottery. Plus the bank will claim that you must have written the PIN number on the back of your card because it would otherwise be impossible for the thief to have known the number...
HTB.
Jun 11, 2015, 12:47 pm
#9
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
Don't we only get 3attempts at pin now before a 30minute wait is implemented so on that basis maybe theif knew your pin/member-number somehow
Previously no notification went to existing email account when it was changed by a hacker/theif, so it could be days or weeks before holder finds they can not login and reports an issue and theft is known.
However even with IHG now correctly notifying existing email address of change to email address, UNLESS member uses automatic email notification to eg mobile/blackberry the theif can still get the emailed amazon type money voucher in 1-2days and use it etc before member sees email and contacts IHG
Jun 12, 2015, 1:54 pm
#11
Join Date: Jul 2001
Programs: Marriott LT Tit; Hyatt Explorist; Hilton CC Gold; IHG CC Plt; Hertz (MR) 5 star
Posts: 5,536
If you see your PIN listed in the above article, you should consider something different.
Last edited by iflyjetz; Jun 13, 2015 at 1:08 am
Jun 15, 2015, 7:23 am
#14
Company Representative - InterContinental Hotels
Join Date: May 2011
Location: Salt Lake City Utah
Programs: IHG Rewards Club
Posts: 166
Dear turner32,
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.
Sincerely,
Karen C.
Case Manager
IHGCare
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.
Sincerely,
Karen C.
Case Manager
IHGCare
Jun 15, 2015, 8:32 am
#15
Original Poster
Join Date: Aug 2009
Location: UK
Programs: IHG
Posts: 1,316
Dear turner32,
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.
Sincerely,
Karen C.
Case Manager
IHGCare
Safety and Security at IHG are our first and foremost concern. IHG has a number of behind the scenes security processes to protect our guests while considering guest's requests for ease of use of their IHG Rewards Club Accounts. If you have concerns about any unauthorized access to your accounts, please contact the IHG Rewards Club Service Center at the contact details on the back of your IHG Rewards Club Card.
Sincerely,
Karen C.
Case Manager
IHGCare
Thanks for your comments, Karen. I've contacted Ambassador services who informed me that my account was closed 4 days ago, due to unauthorized activity that took place. Unfortunately, no-one bothered to inform me of this, and now my account cannot be released for a couple of days at least.
