|
Originally Posted by veresch
(Post 25204724)
The majority of the 250 accounts had the same username and password, we know what passwords they were trying to submit from the logs. They tried passwords like "password" or "1234567890".
|
Originally Posted by veresch
(Post 25204724)
The majority of the 250 accounts had the same username and password, we know what passwords they were trying to submit from the logs. They tried passwords like "password" or "1234567890".
|
For the FT members who have posted that their AW account was hacked, were you using "password" or "Password" as your account password, or was your password the same as your user name...?
|
Originally Posted by lopinc1
(Post 25207617)
You log the failed passwords from failed login attempts in a log in clear text? That's not something you should be able to see. What about successful attempts, are those passwords logged as well?
|
I was starting to sign up when I decided to look at Flyertalk real quickly to get feedback. Glad I did so...I will take a pass for now.
|
I was also a victim of this hack, and admittedly, I had a VERY insecure password.
I was aware of the dangers of giving it access to my accounts. There's no way it would be able to use those passwords repeatedly to get your balances if they weren't stored in a plain text format that the system could use to login to check those balances. It was my fault for not changing my AW password to something more secure after I started adding those. I appreciated that AW caught this quickly and notified me before any damage was done. Good on them. |
Originally Posted by Steven6702
(Post 25228738)
I was also a victim of this hack, and admittedly, I had a VERY insecure password.
I was aware of the dangers of giving it access to my accounts. There's no way it would be able to use those passwords repeatedly to get your balances if they weren't stored in a plain text format that the system could use to login to check those balances. It was my fault for not changing my AW password to something more secure after I started adding those. I appreciated that AW caught this quickly and notified me before any damage was done. Good on them. One thing I wish AwardWallet had done was email all users that there had been a very limited security breach and suggesting that all users reinforce good password practice. Had I not read this on FT, I would not have known and may have been the next victim. I understand why they may have only wished to notify the 250 affected account holders as they didn't want to generate massive panic, but I would have very much appreciated an approach of full disclosure so other potential victims would have time to take appropriate action to secure their accounts. |
Has my award wallet account been hacked??
Today I received an email from award wallet advised changes to scheduled flight times for JL flight from ICN to NRT next March. Howevever I checked JAL website and AA website (I booked tickets thru AA) and there was no such changes! Has anyone received such strange email? |
How to Turn Off 2-Factor Authentication?
A few weeks ago I turned on 2-factor in AW, but now I'd like to turn it back off. How can that be done?
ANSWER: Ten minutes before posting this, an email was sent to me from Award Wallet stating that 2-factor had been turned off. Does someone there have psychic powers?? |
| All times are GMT -6. The time now is 8:47 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.