Whoa! Password Reset WAY too easy
Dec 10, 2018, 3:06 pm
#1
Original Poster
Join Date: Jun 2009
Location: SAN
Programs: DL DM / 2MM - Marriott Ambassador
Posts: 1,515
Whoa! Password Reset WAY too easy
So I could not find a place to change my password online. I called the Plat line and they asked two very simple questions (that anyone would probably know) and sent me a link directly to reset the password. I did not even have to know my existing password. This was WAY too easy and doesn't this just make it that much easier to hack someones account? WTH?
Dec 10, 2018, 3:43 pm
#2
Moderator, Marriott Bonvoy & FlyerTalk Evangelist
Join Date: Oct 2002
Location: McKinney, TX, USA
Programs: United Silver; AA Plat/2MM; Marriott LT Titanium; Hilton Gold
Posts: 11,727
You should set up a PIN for your account. Then before the agent could even pull up your account, you have to provide them with your PIN.
Dec 10, 2018, 5:09 pm
#3
A FlyerTalk Posting Legend
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 71,107
Dec 10, 2018, 7:27 pm
#4
FlyerTalk Evangelist
Join Date: Jan 2007
Location: BOS/UTH
Programs: AA LT PLT; QR GLD; Bonvoy LT TIT
Posts: 12,753
Dec 10, 2018, 7:34 pm
#5
FlyerTalk Evangelist
Join Date: May 2015
Location: BOS, YVR, ZRH
Programs: *G
Posts: 17,392
So I could not find a place to change my password online. I called the Plat line and they asked two very simple questions (that anyone would probably know) and sent me a link directly to reset the password. I did not even have to know my existing password. This was WAY too easy and doesn't this just make it that much easier to hack someones account? WTH?
Dec 10, 2018, 8:08 pm
#7
Join Date: Dec 2009
Location: COS
Programs: UA Gold/1.5MM (several years running now!), Marriott LTTE, Hertz Prez
Posts: 1,899
Dec 10, 2018, 8:29 pm
#8
Join Date: Dec 2007
Location: SFO
Posts: 4,912
So I could not find a place to change my password online. I called the Plat line and they asked two very simple questions (that anyone would probably know) and sent me a link directly to reset the password. I did not even have to know my existing password. This was WAY too easy and doesn't this just make it that much easier to hack someones account? WTH?
Dec 10, 2018, 10:04 pm
#9
Join Date: Jan 2009
Location: TUL
Programs: AA EXP 2MM; Marriott Titanium; Hilton Diamond; Hyatt Explorist; Vistana 5* Elite; Nat'l Exec Elite
Posts: 6,177
Dec 11, 2018, 1:10 am
#11
FlyerTalk Evangelist
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,668
So I could not find a place to change my password online. I called the Plat line and they asked two very simple questions (that anyone would probably know) and sent me a link directly to reset the password. I did not even have to know my existing password. This was WAY too easy and doesn't this just make it that much easier to hack someones account? WTH?
Dec 11, 2018, 7:20 am
#12
FlyerTalk Evangelist
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
Dec 11, 2018, 9:40 am
#13
Join Date: Aug 2007
Programs: DL DM
Posts: 1,079
So I could not find a place to change my password online. I called the Plat line and they asked two very simple questions (that anyone would probably know) and sent me a link directly to reset the password. I did not even have to know my existing password. This was WAY too easy and doesn't this just make it that much easier to hack someones account? WTH?
Dec 11, 2018, 10:13 am
#14
Join Date: Nov 2008
Programs: SPG-Plat, Hilton-Diamond, Club Carlson-Silver, Cathay-Diamond, Virgin-Gold
Posts: 2,183
Sorry if the link was sent to your email on file there really is no issue here as most companies will do that just by clicking reset password, so by having 2 questions to answer it was actually more difficult than most!
Dec 13, 2018, 1:34 pm
#15
Join Date: Jun 2009
Location: LAX
Programs: UA 1K/MM, Marriott Gold
Posts: 132
When I go to my profile get the following message: We're temporarily unable to display the information requested"
I mean really. Huge data breach - a link to change your password should be on the front page. I'm changing my password as this breach finally made me make the move to a password manager so I need to change all my passwords.
After 10 minutes on the phone with Marriott (mostly on hold) they sent me a link to reset my password. No security questions nothing. I have the same concerns as the OP.