Mandatory password reset
My RR password, as well as that of an associate, did not work this afternoon, though passwords of several other RR accounts worked, without any issues. A couple of hours later, this email message was received:
Important information about your Rapid RewardsŪ online account Dear Xxxxx, The security of your account information is a top priority for Southwest AirlinesŪ. It appears that your account may have been accessed without your consent. As a result, we have deactivated your current password to protect your account, and you will need to reset your password. |
Happened to me and several colleagues - sounds like something went haywire with their system.
|
I can still sign in with current password
|
Same thing here on two accounts, and I could not cancel flights as it needed a RR login. I was in the air with no voice dialing capacity.
One account allowed a PW change yesterday, the other did not. |
My password was rejected on desktop and mobile website beginning Thursday night, despite being correct. Eventually I was locked out. I could still access my account via the app, which uses fingerprint for login. I didn't see any unauthorized access, so I reached out via Twitter to see if login could be reset without changing my password and was told that it would do so automatically after 24 hours from the initial lockout. It didn't. (The copy/paste reply also suggested that I had forgot my password, which was annoying.) Then I received the email referenced above, so I reset my password. Still no unauthorized access, but it does appear that this was either a breach or some kind of larger glitch. In further texts with the Twitter rep I suggested Southwest consider two-factor authentication, and was told that, no promises but they're looking into it -- for what that's worth.
|
Same here.
|
Able to log into all 4 of the accounts I manage: Mine, Wife, Daughter, Daughter's Boyfriend
|
Originally Posted by ursine1
(Post 31668849)
Still no unauthorized access, but it does appear that this was either a breach or some kind of larger glitch.
https://krebsonsecurity.com/2019/08/...r-assumptions/ |
Originally Posted by Zorak
(Post 31672326)
It's also possible they periodically look for passwords known to have been part of other breaches and compare those to passwords being used by their own users (this can be done without knowing your password; they can just hash the known compromised password with whatever hash they use on regular user pws) and if yours pops up on the list they force a reset.
https://krebsonsecurity.com/2019/08/...r-assumptions/ ;) |
All times are GMT -6. The time now is 9:07 pm. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.