My SPG Account Got Hacked
#166
Join Date: Aug 2009
Location: Washington DC
Programs: Marriott Platinum, United Gold, Virgin Silver
Posts: 418
got hacked this morning
I got an e-mail at 2:30am that my e-mail address had been changed.
I called SPG this morning, spoke to three folks, got my points reinstated (the hacker had requested $150 Amazon gift cards), but couldn't get back into my account online. The last part was pretty frustrating (it was hard to hear the last agent), so I left a message for a supervisor's supervisor.
I called back, got a better agent, and got transferred to a guy in Ireland who helped me get back into the account. He gave me some good advice, and then got me back to the regular platinum desk to tweak a reservation.
I am concerned that SPG has lax security, and I'm not thrilled about the three people I tried to speak to originally and their inability to help me get into my account.
Hopefully I'll hear from customer integrity in the next two weeks and from the supervisor.
#167
Join Date: Jun 2009
Location: YYZ, MNL, WAW
Programs: Marriott Titanium, Lifetime Plat, (now an AC nobody)
Posts: 1,978
Thanks for the warning!
I just changed my password to something really long, using letters, symbols and numbers.
Thankfully I use a password program so having to remember my password isn't necessary.
#169
Join Date: Jun 2009
Location: YYZ, MNL, WAW
Programs: Marriott Titanium, Lifetime Plat, (now an AC nobody)
Posts: 1,978
#170
Company Representative - Starwood
Join Date: Aug 2011
Programs: SPG
Posts: 713
Best regards,
Christopher Carman
Social Media Specialist
Starwood Hotels & Resorts Worldwide
[email protected]
#171
Suspended
Join Date: Jun 2009
Location: YYZ
Programs: AC E50K (*G) WS Gold | SPG/Fairmont Plat Hilton/Hyatt Diamond Marriott Silver | National Exec Elite
Posts: 19,284
What happens if you can't get into your app? There is a fine line between a secure password and going...s***, I'm old
#172
Join Date: Jan 2015
Programs: SPG platinum, Delta Gold
Posts: 2
SPG's response to this has so far been horrible. I've emailed many different customer contacts, including the one listed in this thread, and have yet to get a substantive reply that indicates that anyone is reading my emails or understands the issue.
Since no one is really offering to help, here is my message:
After speaking with a customer service associate on Saturday night, who was unable to give me much information or help, I understand that Starwood suffered a widespread data breach on Friday night.
My account was part of the breach. All of my SPG points were stolen along with my personal information and addresses/email addresses changed. I have confidence that the points will be returned, but what about my personal data?
SPG did not notify me of the breach or freeze my account when suspicious activity appeared. Instead SPG allowed my points and information to be stolen and didn't even bother to let me know about it and have me figure it out on my own.
My account has now been frozen, but this only happened after I contacted SPG. It is mind boggling to me that the liquidation of an account's points occurring simultaneously with a contact information change wouldn't immediately raise red flags for suspicious activity and cause the account to be immediately investigated and frozen.
I am deeply concerned about the personal information that the breach may have resulted in being stolen from me and any direct damages that I may incur. If credit card information had been saved to your profile then that was stolen too; for me this fortunately was not the case.
I am also troubled by SPG's lack of apparent concern for the safety of my information. Confidence and trust are at the core of any business relationship and I'm not sure that I can continue to have this relationship with Starwood. I was looking forward to continuing my status as Platinum for the years to come; now I'm not so sure. SPG has not been forthcoming or helpful at all during this situation.
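The correlation raised in the post above (a contact-information change coinciding with liquidation of the points balance) can be written as a simple detection rule. This is an added example, not part of the original post and not SPG's system; the event schema, field names, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) event types and thresholds; tune to real data.
CONTACT_CHANGES = {"email_change", "address_change"}
WINDOW = timedelta(hours=24)   # how close the two events must be
DRAIN_RATIO = 0.8              # share of balance redeemed in one go

# Constructed sample audit events, not taken from any real system.
EVENTS = [
    # Email changed, balance drained three minutes later.
    {"ts": "2015-01-16T02:28:00", "account": "A100", "type": "email_change"},
    {"ts": "2015-01-16T02:31:00", "account": "A100", "type": "redemption",
     "points": 48000, "balance_before": 50000},
    # Large redemption with no contact change: normal member behaviour.
    {"ts": "2015-01-16T09:00:00", "account": "B200", "type": "redemption",
     "points": 45000, "balance_before": 50000},
    # Address change followed by a small redemption: below drain threshold.
    {"ts": "2015-01-16T10:00:00", "account": "C300", "type": "address_change"},
    {"ts": "2015-01-16T10:40:00", "account": "C300", "type": "redemption",
     "points": 3000, "balance_before": 60000},
    # Drain first, contact change afterwards: order must not matter.
    {"ts": "2015-01-17T23:50:00", "account": "D400", "type": "redemption",
     "points": 20000, "balance_before": 20000},
    {"ts": "2015-01-18T00:00:00", "account": "D400", "type": "email_change"},
    # Contact change and drain five days apart: outside the default window.
    {"ts": "2015-01-10T12:00:00", "account": "E500", "type": "email_change"},
    {"ts": "2015-01-15T12:00:00", "account": "E500", "type": "redemption",
     "points": 30000, "balance_before": 30000},
]


def flag_takeovers(events, window=WINDOW, drain_ratio=DRAIN_RATIO):
    """Return {account: reason} for accounts where a balance-draining
    redemption occurs within `window` of a contact-information change."""
    by_account = defaultdict(list)
    for event in events:
        by_account[event["account"]].append(event)

    flagged = {}
    for account, evs in by_account.items():
        changes = [datetime.fromisoformat(e["ts"])
                   for e in evs if e["type"] in CONTACT_CHANGES]
        for e in evs:
            if e["type"] != "redemption" or not e.get("balance_before"):
                continue
            when = datetime.fromisoformat(e["ts"])
            drained = e["points"] / e["balance_before"]
            # Check both directions: change-then-drain and drain-then-change.
            if drained >= drain_ratio and any(
                    abs(when - c) <= window for c in changes):
                flagged[account] = (
                    f"{drained:.0%} of balance redeemed within "
                    f"{window} of a contact change")
                break
    return flagged


if __name__ == "__main__":
    for account, reason in sorted(flag_takeovers(EVENTS).items()):
        print(account, "->", reason)
```

A rule like this would normally hold the redemption for review rather than only alert, since gift-card redemptions are hard to reverse once fulfilled.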
#173
Join Date: Jul 2009
Posts: 320
The issue here is unrelated to the issue of the Amex Hyatt offer.
There was no malware on the PC either so I still wonder how they got the info. I am hoping SPG will share with everyone what is going on as it sounds like it was not a one off attack.
#174
Join Date: Jul 2009
Posts: 320
It may be time to report this to the WSJ or other mainstream media and have them pressure SPG. Their security dept is closed for the weekend so it is unlikely that the accounts have yet to be totally frozen.
#175
Company Representative - Starwood
Join Date: Apr 2005
Location: Singapore
Programs: SPG
Posts: 4,002
Dear members,
First, we want to assure all SPG members that they will not lose any points if their account is affected.
We have a large team actively investigating and attempting to directly contact affected members. If an SPG member notices an issue with their account, please contact our customer service team. We suspect this is due to large breaches at other companies (not SPG) where user credentials are stolen and being used for unauthorized access to some SPG members' accounts.
SPG has many account security protections in place to protect SPG members from losing points. It is very important that members not use the same user name and password across multiple sites. Please check your SPG account often and report any suspicious activity to us; always use strong, complex passwords with capital and lowercase letters, numbers and symbols; and we recommend creating a user name instead of using your email address as your user name.
We will continue to investigate this important matter.
[email protected]
Thyetus Lee | Social Media Specialist
Starwood Customer Contact Centre (AP) Pte Ltd
Last edited by Starwood Lurker II; Jan 18, 2015 at 7:53 pm Reason: Adding the last sentence
#176
Join Date: Jul 2008
Location: DEN
Programs: UA-GS; WN A-list;Hyatt - CC; Hertz - PC
Posts: 645
SPG Account Hacked
This happened to both my wife and me on Christmas. It took numerous phone calls to get the account locked, and then it kept happening. They seem to have a bigger security breach than they are letting on.
#177
Join Date: Dec 2002
Location: New York, NY USA
Programs: AA 8MM Exec,Life Plat, Marriott Amb,Life Titanium, ,Hilton Diamond, Hyatt Globalist.
Posts: 495
Sister's account got hacked this weekend
I received an email from my sister tonight telling me to urgently call her.
Turns out she received an email from Starwood confirming changes made to her account. She thought about it and checked with her husband and neither had made any changes?
She called Starwood and found ALL her account information had all been changed and her balance was close to ZERO. Gift cards had been issued without any authorization from her and sent to a new address????????
Now she is concerned that all her personal information is out there and whoever this crook is knows her spending habits and personal information etc. Why is this happening so much with Starwood?
It seems like their IT head is enjoying his/her time at conferences and not getting the job done. They must better their IT security.
Be Careful ALL!
#178
Company Representative - Starwood
Join Date: Apr 2005
Location: Singapore
Programs: SPG
Posts: 4,002
Hi NYCtraveler,
I am sorry to hear about the inconvenience your sister has experienced regarding her account.
Without cross-posting on separate threads at the same time, allow me to direct you to the statement made earlier.
http://www.flyertalk.com/forum/24191561-post31.html
[email protected]
Thyetus Lee | Social Media Specialist
Starwood Customer Contact Centre (AP) Pte Ltd
#179
Join Date: Feb 2009
Location: DEN
Programs: Hyatt Globalist, Bonvoy Titanium, CX DM, SQ Gold
Posts: 1,607
I just received e-mails from SPG that my account info had been updated.
I did no such thing today. I do log in every day to make bookings and stuff but my last activity was over 18 hours ago and didn't involve any change of contact details.
I promptly logged in, changed verbal password.
Looked at my contact info and it looked OK at first glance.
Went to change my web password and reminder question. It took.
Logged out, cleared cookies and tried to log back in and it failed!
Requested a temporary password to be sent to my e-mail. Received it. Tried to log in and now it says I have no account! Something very, very strange is going on.....
Tried live chat but it is down so I will call them now as this is clearly happening right now and demands a realtime response.
#180
Join Date: Jan 2013
Location: CEB - primary/YVR -secondary
Programs: AC*Super Elite (100K) / PR*Elite / AY*Platinum (OWE) / SPG*Bonvoy Titanium (LTT)
Posts: 2,273
Called in to delete my d.o.b. and all credit card info (except for 1). The agent I spoke with hasn't heard of such a security breach.
It's been mentioned by the lurkers that we should use both upper and lowercase letters for passwords, but ever since the new interface rolled out last October, we've been mentioning that the system doesn't distinguish upper and lowercase letters. To date, that hasn't been resolved.
Your password could be LuRkEr5 or LURker5, but it'll accept lurker5. When will this be fixed?