
mke9499 Oct 25, 2019 5:57 pm

Mandatory password reset
 
My RR password, as well as that of an associate, did not work this afternoon, though passwords of several other RR accounts worked, without any issues. A couple of hours later, this email message was received:


Important information about your Rapid Rewards® online account

Dear Xxxxx,

The security of your account information is a top priority for Southwest Airlines®. It appears that your account may have been accessed without your consent. As a result, we have deactivated your current password to protect your account, and you will need to reset your password.

Calling WN, the agent did not know about any issues; then, she checked her personal account, only to have the same problem and email message. Her Help Desk knew nothing, but was passing the inquiry on to Corporate. In the meantime, I was directed to change passwords. At this point, they don't know if it's an IT glitch, or if there is actually a legitimate reason for a security concern.

GVR Bill Oct 25, 2019 6:07 pm

Happened to me and several colleagues - sounds like something went haywire with their system.

dmbolp Oct 25, 2019 6:08 pm

I can still sign in with current password

expert7700 Oct 25, 2019 6:10 pm

Same thing here on two accounts, and I could not cancel flights as it needed a RR login. I was in the air with no voice dialing capacity.

One account allowed a PW change yesterday, the other did not.

ursine1 Oct 26, 2019 1:02 pm

My password was rejected on desktop and mobile website beginning Thursday night, despite being correct. Eventually I was locked out. I could still access my account via the app, which uses fingerprint for login. I didn't see any unauthorized access, so I reached out via Twitter to see if login could be reset without changing my password and was told that it would do so automatically after 24 hours from the initial lockout. It didn't. (The copy/paste reply also suggested that I had forgotten my password, which was annoying.) Then I received the email referenced above, so I reset my password. Still no unauthorized access, but it does appear that this was either a breach or some kind of larger glitch. In further texts with the Twitter rep I suggested Southwest consider two-factor authentication, and was told that, no promises but they're looking into it -- for what that's worth.

nmpls Oct 26, 2019 4:11 pm

Same here.

dmbolp Oct 26, 2019 4:19 pm

Able to log into all 4 of the accounts I manage: Mine, Wife, Daughter, Daughter's Boyfriend

Zorak Oct 27, 2019 6:20 pm


Originally Posted by ursine1 (Post 31668849)
Still no unauthorized access, but it does appear that this was either a breach or some kind of larger glitch.

It's also possible they periodically look for passwords known to have been part of other breaches and compare those to passwords being used by their own users (this can be done without knowing your password; they can just hash the known compromised password with whatever hash they use on regular user pws) and if yours pops up on the list they force a reset.

https://krebsonsecurity.com/2019/08/...r-assumptions/
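The check described in the post above, as an added example (not part of the thread and not Southwest's code): a site re-hashes known-breached passwords with each account's own salt and flags matches for a forced reset. The storage scheme (per-user salt with PBKDF2-HMAC-SHA256), the function names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed storage scheme: per-user random salt + PBKDF2-HMAC-SHA256.
# Iteration count is kept low so the demo runs quickly.
ITERATIONS = 10_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier for a password under a given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(user: str, password: str) -> dict:
    """Build the row a site would store: no plaintext, only salt and hash."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def accounts_needing_reset(records, breached_passwords):
    """Return users whose stored hash matches any breached password.

    Because every account has its own salt, each candidate has to be
    re-hashed per account: len(records) * len(breached_passwords) hashes.
    """
    flagged = []
    for rec in records:
        for candidate in breached_passwords:
            derived = hash_password(candidate, rec["salt"])
            if hmac.compare_digest(derived, rec["hash"]):
                flagged.append(rec["user"])
                break  # one match is enough to force a reset
    return flagged


# Constructed sample data: a tiny breach list and three stored accounts.
BREACHED = ["123456", "password1", "Summer2019!"]
USERS = [
    make_record("alice", "Summer2019!"),
    make_record("bob", "k7#Vq9-unrelated-passphrase"),
    make_record("carol", "123456"),
]

if __name__ == "__main__":
    print(accounts_needing_reset(USERS, BREACHED))
```

Screening at password set or change time, when the plaintext is briefly available, avoids the per-account re-hashing cost shown here.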

ursine1 Oct 27, 2019 9:21 pm


Originally Posted by Zorak (Post 31672326)
It's also possible they periodically look for passwords known to have been part of other breaches and compare those to passwords being used by their own users (this can be done without knowing your password; they can just hash the known compromised password with whatever hash they use on regular user pws) and if yours pops up on the list they force a reset.

https://krebsonsecurity.com/2019/08/...r-assumptions/

We're talking about Southwest here.

;)

