My SPG Account Got Hacked
#106
FlyerTalk Evangelist
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,682
I know this is a somewhat delayed response, but after reading through this thread I wanted to state that a password can be a thousand characters long and it won't help if there is a key logger on the machine or a packet capture device on the public wifi.
If you want a higher level of security, only log onto web sites from a personally owned device and never use public wifi. Doing those things will only ensure you are not the cause of the breach, but it helps....
If you want a higher level of security, only log onto web sites from a personally owned device and never use public wifi. Doing those things will only ensure you are not the cause of the breach, but it helps....
#107
Join Date: Mar 2006
Location: Up in the air
Programs: AS MVPG 75k, AA Plat, MR Plat, SPG Plat, HH Diamond
Posts: 140
Someone tried to transfer my points to his Ethihad Airways account
Hello fellow FTers,
I'd like to share my story as well:
- I received an e-mail two days ago that 75k + 15k points would be transferred from my SPG to an Etihad Airways mileage account.
- I tied for 15 minutes to get someone on the phone - since I'm currently in Germany, the number on the website routed me to the German SPG offices which were closed on Sunday; when calling my Ambassador, it would every time re-route me to a Chinese (?) announcement and eventually hang up; calling the US SPG number directly did the trick.
- The representative said they would look into the matter, and suggested I should change my SPG password "to be on the safe side."
- I changed my password and e-mailed my Ambassador to inform her about the incident.
- Since yesterday, I cannot log onto SPG.com anymore. I called my Ambassador and was told that my account is now frozen for investigation. Oddly enough, login through the iPhone app still works!
- I received an brief e-mail from my Ambassador that I should just create a new SPG account and they will try to merge it with my frozen account.
My Ambassador couldn't tell me if the transfer was initiated through e-mail/phone and suggested it could have been "just a typo" (someone used the wrong SPG number when doing the transfer), but honestly, I find this hard to believe.
-pilluelo
I'd like to share my story as well:
- I received an e-mail two days ago that 75k + 15k points would be transferred from my SPG to an Etihad Airways mileage account.
- I tied for 15 minutes to get someone on the phone - since I'm currently in Germany, the number on the website routed me to the German SPG offices which were closed on Sunday; when calling my Ambassador, it would every time re-route me to a Chinese (?) announcement and eventually hang up; calling the US SPG number directly did the trick.
- The representative said they would look into the matter, and suggested I should change my SPG password "to be on the safe side."
- I changed my password and e-mailed my Ambassador to inform her about the incident.
- Since yesterday, I cannot log onto SPG.com anymore. I called my Ambassador and was told that my account is now frozen for investigation. Oddly enough, login through the iPhone app still works!
- I received an brief e-mail from my Ambassador that I should just create a new SPG account and they will try to merge it with my frozen account.
My Ambassador couldn't tell me if the transfer was initiated through e-mail/phone and suggested it could have been "just a typo" (someone used the wrong SPG number when doing the transfer), but honestly, I find this hard to believe.
-pilluelo
#108
Join Date: Jan 2004
Location: Calgary, AB. , Canada
Programs: Marriott Bonvoy Lifetime Titanium , National Car Emerald Club Exec Elite, AC 50K Elite
Posts: 151
You are absolutely correct pilluelo, there is more to this than meets the eye. It's hardly a typo. I've had the exact same thing happen to my account on 2 separate occassions recently. Caught it each time and had the transaction reversed. Had to change my username and password failing which I was told by Account Integrity that my current SPG account would need to be closed and another one with a different number opened for me. I'm guessing this is an inside job. That is, someone at SPG is diverting points into this Etihad Airlines account.
#109
Join Date: Jan 2014
Posts: 1
SPG Account Hacked
I just found out today that my SPG account was hacked on 12/12/13. Similar to previous posts, a hotel reservation I had was cancelled and the points were transferred towards Etihad airline tickets. I can deal with my account being comprimised and feel fairly confident my points and reservations will be reinstated, but the bigger issue is that no one at Starwood bothered to contact me to let me know that my account was hacked and had been frozen almost a month ago. Only through dumb luck, (my wife called to make a hotel reservation using our starwood account), did we discover our account was comprimised. Even after calling customer service, they could give me no other details other than it was being investigated and that i should send an email to [email protected]. I am blown away that there is not a person i can talk with to make sure everything is reinstated (ie points, reservations, etc). Interestingly, i spoke to a supervisor who mentioned that their system was hacked, so it doesn't look like my computer was compromised. Does anyone have any commentary on how responsive SPG is through email correspondence?
#110
Join Date: Jan 2004
Location: Calgary, AB. , Canada
Programs: Marriott Bonvoy Lifetime Titanium , National Car Emerald Club Exec Elite, AC 50K Elite
Posts: 151
I just found out today that my SPG account was hacked on 12/12/13. Similar to previous posts, a hotel reservation I had was cancelled and the points were transferred towards Etihad airline tickets. I can deal with my account being comprimised and feel fairly confident my points and reservations will be reinstated, but the bigger issue is that no one at Starwood bothered to contact me to let me know that my account was hacked and had been frozen almost a month ago. Only through dumb luck, (my wife called to make a hotel reservation using our starwood account), did we discover our account was comprimised. Even after calling customer service, they could give me no other details other than it was being investigated and that i should send an email to [email protected]. I am blown away that there is not a person i can talk with to make sure everything is reinstated (ie points, reservations, etc). Interestingly, i spoke to a supervisor who mentioned that their system was hacked, so it doesn't look like my computer was compromised. Does anyone have any commentary on how responsive SPG is through email correspondence?
#111
Join Date: Oct 2012
Posts: 970
I just found out today that my SPG account was hacked on 12/12/13. Similar to previous posts, a hotel reservation I had was cancelled and the points were transferred towards Etihad airline tickets. I can deal with my account being comprimised and feel fairly confident my points and reservations will be reinstated, but the bigger issue is that no one at Starwood bothered to contact me to let me know that my account was hacked and had been frozen almost a month ago. Only through dumb luck, (my wife called to make a hotel reservation using our starwood account), did we discover our account was comprimised. Even after calling customer service, they could give me no other details other than it was being investigated and that i should send an email to [email protected]. I am blown away that there is not a person i can talk with to make sure everything is reinstated (ie points, reservations, etc). Interestingly, i spoke to a supervisor who mentioned that their system was hacked, so it doesn't look like my computer was compromised. Does anyone have any commentary on how responsive SPG is through email correspondence?
#112
Moderator: GLBT travelers, India-based Airlines and India; FlyerTalk Evangelist
Join Date: Jan 2004
Location: Asia
Programs: Yes!
Posts: 15,512
Lurkers? Should we be concerned here, at the number of these cases that are occuring, and over a significant time period now as well...
#113
Join Date: Jul 2003
Location: CT/ Germany - Ich spreche deutsch
Programs: UA 1K, Bonvoy LTTE, HH Dia, HY Expl
Posts: 4,657
My SPG Account Got Hacked
Mine was hacked two days ago and email address changed but luckily no points taken out. I am having a really hard time since virtually all of my hotel frequent flyer accounts seem to have been hit in the same day. Marriott was same as SPG with email changed. Hilton email changed and account cleared out with merchandise orders. Club Carlson cleared out with gift card orders and IC with redemptions. I have no idea how they accessed all these accounts. NONE of the accounts had the same passwords!!!!! I assumed it is part of my AMEX Target issue since I used my SPG Amex there during the timeframe. AMEX number was used to set up an Amazon account but Amazon caught it. Things have just snowballed from there and I can't understand how all these accounts could have been compromised.
#114
Join Date: Mar 2006
Location: Up in the air
Programs: AS MVPG 75k, AA Plat, MR Plat, SPG Plat, HH Diamond
Posts: 140
While I understand that electronic accounts can get hacked all the time, I'm far from satisfied with SPG's way of handling the situation:
It's been 5 days someone initiated a points transfer. Like I wrote above, I immediately informed my SPG Ambassador about the situation which resulted in my account getting locked (from spg.com anyway, since access through the iPhone app still works ). As requested by her, I opened a new account since she promised it would be merged with my original (locked) account. Pinged my Ambassador twice about the situation, but nothing has happened so far. No response from her, and my new account still shows "0 points."
Not impressed at all.
It's been 5 days someone initiated a points transfer. Like I wrote above, I immediately informed my SPG Ambassador about the situation which resulted in my account getting locked (from spg.com anyway, since access through the iPhone app still works ). As requested by her, I opened a new account since she promised it would be merged with my original (locked) account. Pinged my Ambassador twice about the situation, but nothing has happened so far. No response from her, and my new account still shows "0 points."
Not impressed at all.
#115
FlyerTalk Evangelist
Join Date: Apr 2009
Location: India
Programs: Bonvoy Lifetime Titanium, IHG Plat, HH Gold, Trident Plat, DL Diamond, AI Maharajah
Posts: 29,682
Mine was hacked two days ago and email address changed but luckily no points taken out. I am having a really hard time since virtually all of my hotel frequent flyer accounts seem to have been hit in the same day. Marriott was same as SPG with email changed. Hilton email changed and account cleared out with merchandise orders. Club Carlson cleared out with gift card orders and IC with redemptions. I have no idea how they accessed all these accounts. NONE of the accounts had the same passwords!!!!! I assumed it is part of my AMEX Target issue since I used my SPG Amex there during the timeframe. AMEX number was used to set up an Amazon account but Amazon caught it. Things have just snowballed from there and I can't understand how all these accounts could have been compromised.
#116
Suspended
Join Date: Oct 2003
Location: New York, NY
Programs: Delta - Gold; Starwood - Platinum; HHonors - Diamond & Avis Preferred
Posts: 10,869
Who are you referring to as "scummy people" and why?
#117
Join Date: Jul 2003
Location: CT/ Germany - Ich spreche deutsch
Programs: UA 1K, Bonvoy LTTE, HH Dia, HY Expl
Posts: 4,657
#118
Join Date: May 2000
Location: Houston, TX, USA
Programs: UA 1K, AA Lifetime Platinum, DL Platinum, Honors Diamond, Bonvoy Titanium, Hertz Platinum
Posts: 7,970
#119
Join Date: Jul 2003
Location: CT/ Germany - Ich spreche deutsch
Programs: UA 1K, Bonvoy LTTE, HH Dia, HY Expl
Posts: 4,657