FlyerTalk Forums

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   United Airlines | MileagePlus (https://www.flyertalk.com/forum/united-airlines-mileageplus-681/)
-   -   UA Account Hacked / Reports of Fraudulent Award Travel Redemption (https://www.flyertalk.com/forum/united-airlines-mileageplus/1538481-ua-account-hacked-reports-fraudulent-award-travel-redemption.html)

CaptainMiles Jan 6, 2014 1:26 pm


Originally Posted by valleygeek (Post 22097123)
Have you asked for the PIN to be removed from your account? Not sure if that's even possible, I haven't tried. You can always change it to a random number and never use it again.

Can you really forget it and never use it again? I am always asked for my PIN when I try to book or make changes to award tickets by phone.

edcho Jan 6, 2014 1:30 pm


Originally Posted by CaptainMiles (Post 22097259)
Can you really forget it and never use it again? I am always asked for my PIN when I try to book or make changes to award tickets by phone.

or use / refund upgrade certs, request missing miles, etc.

valleygeek Jan 6, 2014 1:31 pm


Originally Posted by CaptainMiles (Post 22097259)
Can you really forget it and never use it again? I am always asked for my PIN when I try to book or make changes to award tickets by phone.

Sorry, I meant never use it again online.

brp1264 Jan 6, 2014 4:17 pm

From my chat with the Fraud rep on the phone, you cannot remove the Pin login access. She said they are rolling out some updates soon to address this issue and allow the user to specify only a password.

My quip to her about patches upon patches on a 20+ year old shares platform didn't get much of a laugh, just a sigh of exasperation.

She indicated a lot of other customers have complained about this lack of security as well.

Steve M Jan 6, 2014 4:24 pm


Originally Posted by brp1264 (Post 22098598)
My quip to her about patches upon patches on a 20+ year old shares platform didn't get much of a laugh, just a sigh of exasperation.

That's very similar to how they come off when made here on FT.

FlytheTail Jan 6, 2014 4:34 pm


Originally Posted by Often1 (Post 22097114)
1. Do not use a 4-digit PIN, stick to a passphrase (UA can acommodate up to 20 characters).


Originally Posted by sahiljain22 (Post 22097105)
You need to remove the pin after you set up the password.

It appears one doesn't have a choice to not use a 4-digit PIN. Correct me if I am wrong.

matjes Jan 6, 2014 5:57 pm

So this crook booked some travel with someone else on your account/$$$/miles/upgrades?

Did they not have to fill in the names etc of those travelling? That should give law enforcement a good handle on who this might have been (unless it was done as random malice w/o the travellers 'nominated' wanting the trip/knowing about it)..

mahasamatman Jan 6, 2014 6:16 pm


Originally Posted by FlytheTail (Post 22098731)
It appears one doesn't have a choice to not use a 4-digit PIN. Correct me if I am wrong.

You are not wong. Every account has a 4-digit PIN and there's currently no possible way to remove it. Continental and post-merger United have never been concerned with security in the least. pmUA was much better about this.

unavaca Jan 6, 2014 6:18 pm

Often times the travelers booked using stolen miles are unknowing 3rd parties thinking that they're getting a great deal on a ticket; the thief is a middleman providing the service.

runningshoes Jan 6, 2014 6:49 pm


Originally Posted by FlytheTail (Post 22098731)
It appears one doesn't have a choice to not use a 4-digit PIN. Correct me if I am wrong.


Originally Posted by mahasamatman (Post 22099371)
You are not wong. Every account has a 4-digit PIN and there's currently no possible way to remove it. Continental and post-merger United have never been concerned with security in the least. pmUA was much better about this.

The 4 digit PIN does not have to be used for login to your MP account - use a regular password and the PIN is then used by the UA agent to verify identity when redeeming miles over the phone. This still leaves you open to anyone hacking an account PW and redeeming miles on the web but increases the complexity of breaking into the account to begin with.

bldr1k Jan 6, 2014 7:10 pm


Originally Posted by runningshoes (Post 22099563)
The 4 digit PIN does not have to be used for login to your MP account - use a regular password and the PIN is then used by the UA agent to verify identity when redeeming miles over the phone. This still leaves you open to anyone hacking an account PW and redeeming miles on the web but increases the complexity of breaking into the account to begin with.

I thought creating a password would have disabled the PIN (at least for logon) but my pin still works even though I have a password.

At least my browser lets me save the logon information so I never need to type it. Observing the PIN as someone types it in (especially in an airport or airplane seat) is pretty easy to do.

milski Jan 6, 2014 7:10 pm


Originally Posted by runningshoes (Post 22099563)
The 4 digit PIN does not have to be used for login to your MP account - use a regular password and the PIN is then used by the UA agent to verify identity when redeeming miles over the phone. This still leaves you open to anyone hacking an account PW and redeeming miles on the web but increases the complexity of breaking into the account to begin with.

How can I disable the PIN use for logging in on the web site? I do have a password but entering the PIN instead of the password works just as well, making the password rather useless. :confused:

WineCountryUA Jan 6, 2014 7:18 pm


Originally Posted by bldr1k (Post 22099669)
I thought creating a password would have disabled the PIN (at least for logon) but my pin still works even though I have a password. ....

that is unfortunately correct


Originally Posted by milski (Post 22099671)
How can I disable the PIN use for logging in on the web site? ... :confused:

you are not :confused:, as many past posters have stated, there is no way to disable the insecure PIN :td:

subordinateflyer Jan 6, 2014 7:26 pm

Good point.... But
 

Originally Posted by unavaca (Post 22099381)
Often times the travelers booked using stolen miles are unknowing 3rd parties thinking that they're getting a great deal on a ticket; the thief is a middleman providing the service.

This is a very good point - However the person will know where they got their ticket from so following the money should only take one more step.

mahasamatman Jan 6, 2014 7:34 pm


Originally Posted by runningshoes (Post 22099563)
The 4 digit PIN does not have to be used for login to your MP account

It doesn't have to be used, but as has been pointed out, it can be and there's nothing you can do about it.

By the same token, if you add a user name, that doesn't prevent logging in using your MP number either.


All times are GMT -6. The time now is 4:04 pm.


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.