My SPG Account Got Hacked

 
Old Dec 9, 2013, 10:48 pm
  #46  
 
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,299
Originally Posted by silverfalls
@David, On 29th Nov when I tried to change the password the maximum that I was able to use was 14 characters. I was issue Chrome, not sure if that's the maximum allowed now or its limited to chrome. I did not bother to check that. Also I had the same issue with American Express which did not allow more than 8 character until very recently.
14 might be fine, I didn't try that. I will next time. Thank you. And thanks for the reminder about Amex.

I know 16 didn't work for me, but 12 did.

12 or even 14 character passwords are not considered to be very strong these days. It doesn't matter if you use a password manager like roboform, 1password or last pass (all good products) if the site limits you to short combinations of characters. The password managers help by allowing you to create random combinations of characters that should be different for every site, but they can't overcome the site's limitations of only allowing limited/short passwords with restrictions on using special characters. But it is good advice to remind people to use a password manager and different passwords for each site to help minimize the risk when one site is compromised.

-David

Last edited by LIH Prem; Dec 9, 2013 at 11:18 pm
LIH Prem is offline  
Old Dec 9, 2013, 10:54 pm
  #47  
 
Join Date: May 2012
Location: SIN
Programs: JL GC | Marriott LT Silver | Global Entry | SQ Silver
Posts: 6,818
As for the 2FA, maybe SPG can comeup with a security token like how it's used for internet online banking. Or a mobile app that generates the 2FA (Blizzard Entertainment did this for their accounts portal).
lcpteck is offline  
Old Dec 9, 2013, 11:42 pm
  #48  
 
Join Date: Feb 2009
Location: LAX
Programs: HH Diamond, SPG Gold, Marriott Elite Gold
Posts: 1,032
I'm confused. I thought you could only convert your SPG points into a FF account in your name.
greg0ire is offline  
Old Dec 9, 2013, 11:43 pm
  #49  
 
Join Date: Apr 2009
Location: SMF
Posts: 1,261
Originally Posted by iflyjetz
One program that I use to monitor my accounts (I have 19) is Award Wallet. It will show you very quickly whether or not your points have changed and it also tracks expiration dates. I updated early one Sunday and all of my Hilton points disappeared - I quickly found out (by reading FT threads) that this was very common with Hilton; don't know if they've fixed the glitch yet but my points showed up a few hours later.

Here's a link if you decide to go with Award Wallet that will allow you a free service upgrade: http://AwardWallet.com/?refCode=wqraisoqvf
I'm not trying to spam; you can find an Award Wallet upgrade conga line in the S.P.A.M. subforum if you prefer.
I've thought about using AwardWallet.com but, wow, if its accounts ever got hacked into, multiple airline miles accounts would be compromised. There's one other, er, what is it: Points.com? I think that outfit wanted passwords for every account, no? Are you kidding? Give passwords out so another company can conveniently track them? Geesh, I'm reticent to confide my passwords with others.
Tailgater is offline  
Old Dec 9, 2013, 11:57 pm
  #50  
 
Join Date: Jan 2012
Posts: 113
http://money.cnn.com/2013/12/04/tech...swords-stolen/
Jut found out that my adobe account had been compromised via this site... http://haveibeenpwned.com/
csol47 is offline  
Old Dec 10, 2013, 12:34 am
  #51  
 
Join Date: Feb 2013
Location: Miami, FL
Programs: UA 1MM, AA Plat Pro, Marriott LT Titanium, Hyatt Glob, IHG ♢ Amb, Hilton ♢, Hertz Pres
Posts: 6,008
If you want to see how strong your password is - use this http://www.howsecureismypassword.net/

My Lastpass password is 344,000 years. Safe enough for me
TravelinSperry is offline  
Old Dec 10, 2013, 1:40 am
  #52  
 
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,299
Originally Posted by Tailgater
I've thought about using AwardWallet.com but, wow, if its accounts ever got hacked into, multiple airline miles accounts would be compromised. There's one other, er, what is it: Points.com? I think that outfit wanted passwords for every account, no? Are you kidding? Give passwords out so another company can conveniently track them? Geesh, I'm reticent to confide my passwords with others.
With award wallet, you can choose where your passwords are stored. You can decide to store them locally on your computer or on their server. Anyway, if you're really interested in it, there's a faq entry about it on their web site.

From what I've read from security experts, 12-14 random mixed case characters using numbers, letters and symbols (not based on dictionary or other easy to remember phrases) is the current minimum recommended password length. And in 6 months that will change, I'm sure. And don't use the same password on more than one site.

-David

Last edited by LIH Prem; Dec 10, 2013 at 1:47 am
LIH Prem is offline  
Old Dec 10, 2013, 2:23 am
  #53  
FlyerTalk Evangelist
 
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,598
on the 28th of november i received an email from spg as well informing me that my mailing address had been updated....i quickly logged onto my spg account & the mailing address was the same as it had been before....no change at all....either way, i didn't want to take a chance so i changed my password....
Keyser is offline  
Old Dec 10, 2013, 2:39 am
  #54  
 
Join Date: Jul 2001
Programs: Marriott LT Tit; Hyatt Explorist; Hilton CC Gold; IHG CC Plt; Hertz (MR) 5 star
Posts: 5,536
Originally Posted by Tailgater
I've thought about using AwardWallet.com but, wow, if its accounts ever got hacked into, multiple airline miles accounts would be compromised. There's one other, er, what is it: Points.com? I think that outfit wanted passwords for every account, no? Are you kidding? Give passwords out so another company can conveniently track them? Geesh, I'm reticent to confide my passwords with others.
The passwords can be stored on your computer. Personally, I put my passwords on Award Wallet because I'm more concerned about someone taking passwords off of my computer if I lose it. I can check my 19 separate accounts very quickly; if it weren't for Award Wallet, I wouldn't check some of my accounts for a month or more. I consider that (lack of checking accounts) to be more of a risk than storing my passwords on Award Wallet. It's a huge timesaver for me.
iflyjetz is offline  
Old Dec 10, 2013, 6:44 am
  #55  
A FlyerTalk Posting Legend
 
Join Date: Sep 2009
Location: Minneapolis: DL DM charter 2.3MM
Programs: A3*Gold, SPG Plat, HyattDiamond, MarriottPP, LHW exAccess, ICI, Raffles Amb, NW PE MM, TWA Gold MM
Posts: 100,327
Originally Posted by Keyser
on the 28th of november i received an email from spg as well informing me that my mailing address had been updated....i quickly logged onto my spg account & the mailing address was the same as it had been before....no change at all....either way, i didn't want to take a chance so i changed my password....
Did the email really come from SPG or was it perhaps part of a phishing attempt? Did you inform SPG?
MSPeconomist is offline  
Old Dec 10, 2013, 7:10 am
  #56  
FlyerTalk Evangelist
 
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,598
Originally Posted by MSPeconomist
Did the email really come from SPG or was it perhaps part of a phishing attempt? Did you inform SPG?
it came from a starwoodhotels.com address so i'm guessing it came from spg....

i didn't inform anyone at that time....i just thought it was a technical glitch....
Keyser is offline  
Old Dec 10, 2013, 7:19 am
  #57  
 
Join Date: Sep 2006
Location: IAD
Programs: Marriott- Platinum, IHG - Platinum, Hyatt - Globalist, CC - Gold, Hilton - Diamond, BW - Platinum S
Posts: 256
deleted
silverfalls is offline  
Old Dec 10, 2013, 8:30 am
  #58  
Suspended
 
Join Date: Jun 2012
Location: 048′24″N 17636′59″W
Programs: Taiwan is a country.
Posts: 1,206
Originally Posted by lcpteck
As for the 2FA, maybe SPG can comeup with a security token like how it's used for internet online banking. Or a mobile app that generates the 2FA (Blizzard Entertainment did this for their accounts portal).
OMG.. they're points people. I HATE I have to use the fob thingy for banking..
deadinabsentia is offline  
Old Dec 10, 2013, 9:00 am
  #59  
Moderator: British Airways Executive Club, Marriott Bonvoy
 
Join Date: May 2006
Location: Englandshire
Programs: SPG LT Plat, BA G, BD*LG, MG Blue+ ...
Posts: 15,957
For the folks affected by these recent hacking events, was your login password the same as, or different from, the 'verbal password' that you give when making a phone transaction ?
Oxon Flyer is offline  
Old Dec 10, 2013, 2:42 pm
  #60  
 
Join Date: Mar 2007
Posts: 3,990
Originally Posted by Keyser
it came from a starwoodhotels.com address so i'm guessing it came from spg....

i didn't inform anyone at that time....i just thought it was a technical glitch....
You never know. I got a phishing email just the other day posing as American Express, and the email address it was sent from was the exact same as American Expresses real email address. That's why my spam filter didn't catch it. Fortunately I checked with Amex before opening...

Cheers,
Flews is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.