My SPG Account Got Hacked
Jul 1, 2015, 12:17 am
#286
Join Date: Sep 2012
Posts: 1,748
I had not logged in to my SPG account for probably 2-3 months prior to this incident. I did logon to the Internet while I was in this country, and my Hotmail account was hacked, but I figured that out immediately and changed passwords. No other account of any type was compromised.
Jul 1, 2015, 6:40 pm
#287
Join Date: May 2004
Location: TPE
Programs: AA EXP 2MM
Posts: 507
I'm guessing either near Gweta, Botswana or just outside of Bulawayo, Zimbabwe.
Jul 10, 2015, 2:05 pm
#288
Join Date: Nov 2002
Location: SEA/YVR/BLI
Programs: UA "Lifetime" Gold, AS MVPG100K, OW Emerald, HH Lifetime Diamond, IC Plat, Marriott Gold, Hertz Gold
Posts: 9,490
If Fred2 were located in the same city, I could see this happening when Fred2 called to make a reservation but didn't know his SPG account number. The phone agent would probably look it up using his name and city/state, find Fred and Fred 2, and somehow have both accounts open, mixing them up when making the booking.
The agent searched for the name and mistakenly picked the wrong one. They state they have followed up with the employee who "mistakenly linked your account to ensure their understanding of the effect it can have as well as a refresher on how to successfully verify ownership of an account." I'll bet they have!
Mrs. Fredd (the account is actually in her name) and I appreciate William's intervention and the subsequent e-mail of explanation and apology from the Account Integrity team. It's a relief.
Jul 10, 2015, 7:10 pm
#289
Join Date: Jul 2001
Programs: Marriott LT Tit; Hyatt Explorist; Hilton CC Gold; IHG CC Plt; Hertz (MR) 5 star
Posts: 5,536
That was a pretty good hunch. Starwood Lurker (Thanks William! ^) volunteered to research this. It took awhile but their team investigated and it apparently was a phone agent's innocent but significant mistake when another party with the same last name and same first initial called to link their Starwood account to a reservation.
The agent searched for the name and mistakenly picked the wrong one. They state they have followed up with the employee who "mistakenly linked your account to ensure their understanding of the effect it can have as well as a refresher on how to successfully verify ownership of an account." I'll bet they have!
The agent searched for the name and mistakenly picked the wrong one. They state they have followed up with the employee who "mistakenly linked your account to ensure their understanding of the effect it can have as well as a refresher on how to successfully verify ownership of an account." I'll bet they have!
Sep 14, 2015, 12:56 pm
#290
Join Date: Jul 2011
Location: Las Vegas or Park City
Posts: 169
95K points stolen
Just had my account hacked in the UK, 95K points transferred out. SPG could not even tell me which airline it went to. I hope they get my points back, but she did not sound too confident. Hard to prove it wasn't even on their side.
Sep 14, 2015, 2:19 pm
#291
Moderator: British Airways Executive Club, Marriott Bonvoy
Join Date: May 2006
Location: Englandshire
Programs: SPG LT Plat, BA G, BD*LG, MG Blue+ ...
Posts: 16,032
. Did you mean there is a UK address on your account, or the hacker was in the UK ?
Oct 10, 2015, 12:40 pm
#292
Join Date: Apr 1999
Location: Colorado
Programs: UA 1KMM, Bonvoy Titanium
Posts: 296
Just to add to the thread - my account was compromised last night. ~90K points transferred to an Aeroplan account that wasn't mine.
Called as soon as I saw it this morning (they didn't change my email or anything - so I actually received an email from SPG last night saying the transfer request was processed) and the agent was able to trap the transfer before it executed and the points were back immediately.
So - yet another word of warning to change your email password frequently if you use one of the free mail services, as well as to set up the SPG multi-level security questions (My Profile>Security Questions)
Called as soon as I saw it this morning (they didn't change my email or anything - so I actually received an email from SPG last night saying the transfer request was processed) and the agent was able to trap the transfer before it executed and the points were back immediately.
So - yet another word of warning to change your email password frequently if you use one of the free mail services, as well as to set up the SPG multi-level security questions (My Profile>Security Questions)
Nov 24, 2015, 10:26 am
#293
Join Date: Jan 2007
Location: Maryland, USA
Programs: AA Platinum/2m miler, Marriott A and LTT, Delta Diamond, Hertz Presidents, Avis Presidents. +more
Posts: 127
It would be nice if SPG offered 2 level authentication so that when someone logs in from a new device or tries to change your password, you get notified on your cellphone with a PIN that you have to enter before proceeding. This would prevent this sort of thing from happening (or at least make it much less likely).