Dec 29, 2014, 12:05 am
Last edit by: WineCountryUA
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.
A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
UA Account Hacked / Reports of Fraudulent Award Travel Redemption
Jan 6, 2014, 8:09 pm
#31
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Yeah, this is what I was getting at with my post upthread. My GF has been subjected to a similar sort of identity theft - someone stole her info and then went around a neighborhood selling cable to people (presumably for cash) using her info to open the accounts.
Jan 6, 2014, 8:34 pm
#33
Moderator: United Airlines
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.995MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,857
One appraoch , the thief converted the tickets into cash immediately. Booked ticket for another party and ripped them off, as discussed earlier in this thread.
Jan 6, 2014, 8:34 pm
#34
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
Most people don't check their accounts as often as FTers do, and if the ticket is only a few days out, it might be enough time. Plus, if it's a third-party scammer, once that person collects payment, he/she doesn't care what happens to the tickets.
Jan 6, 2014, 10:23 pm
#36
Join Date: Nov 2010
Location: NYC
Programs: AA EXP, Hilton GLD, Marriott Plat, NEXUS/GE
Posts: 2,872
You don't need to check your United account daily to see this sort of thing: Vigilance over credit card activity achieves the same thing across every merchant that has handled your credit card data.
Jan 6, 2014, 10:40 pm
#37
Join Date: Mar 2009
Location: LAX & EWR/JFK
Programs: Fomerly UA 1K, now Gold... next year, who knows?
Posts: 1,432
As a means of early detection, I have account alerts set on on my chase MP card so I get an email on any charge over a set $ amount. This would allow me to call Chase and/or UA and report fraud probably well before the flight time.
Jan 6, 2014, 10:50 pm
#38
Join Date: Dec 2002
Location: SFO
Posts: 3,942
Whoa ... why have the PIN work for web login even after you've setup a password. This basically negates any strong password, doesn't take long to crack a 4 digit PIN.
But then again this is the crack UA IT team we're talking about
But then again this is the crack UA IT team we're talking about
Jan 6, 2014, 10:54 pm
#39
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
I'm not convinced that the relatively few United.com "hackers" out there are accomplishing it though brute force.
Jan 6, 2014, 11:06 pm
#40
A FlyerTalk Posting Legend
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.035MM; Bonvoy Au-197; PCC Elite+; CCC Elite+; MSC C-12; CWC Au-197; WoH Dis
Posts: 52,140
That works for large charges like revenue tickets, but how many people monitor their credit card for $5 award fee charges? And how would that work for mileage transfers or redemptions that don't generate charges?
Jan 6, 2014, 11:10 pm
#41
Join Date: Jul 2004
Location: Chicago USA
Programs: *A Junkie, SQ PPS, Skywards Gold, 2 Million Mile Flyer;*wood LT Plat, BA MM
Posts: 1,762
From my own experience, the police don't care - they have better things to do. My garbage collector stole my identity via discarded mail. Over two year, he bought two cars, numerous credit cards, rented a house - he even got $20K of dental work under my name! He made the payments and then defaulted on everything, which I then found out. I filed a report in Chicago and I took everything to the Lansing Police Department where the guy lived. I had his real name, address and a thick file of everything and they didn't or couldn't do anything! The only thing one can do is be on top of everything and shred all documents. At least OP had no damage done to his credit.
Jan 6, 2014, 11:12 pm
#42
Join Date: Jun 2011
Posts: 923
Originally Posted by Phil Level:22100701
As a means of early detection, I have account alerts set on on my chase MP card so I get an email on any charge over a set $ amount. This would allow me to call Chase and/or UA and report fraud probably well before the flight time.
I just happened to check something else & discovered the fraud. I begged AX to do something but they said wait until the statement closed. I called the secret service (which @the time handled credit card theft) & they would touch it only if the value was $7500. I called the local police & nada.
After statement closed, I had to contest charges. Nothing was done against fraudsters, very disappointing.
Jan 6, 2014, 11:13 pm
#43
Moderator: Mileage Run, United Airlines; FlyerTalk Evangelist
Join Date: Jan 2004
Location: The City/Honolulu
Programs: UA 3MM; Hyatt Glob*****; Hilton Diamond
Posts: 14,473
The 4-digit pin is also the reason I shred all boarding passes and printed itineraries. I don't want my MP number floating around.
Jan 6, 2014, 11:16 pm
#44
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
In any case, due to concerns like yours, UA has now taken the complete MP number off of boarding passes.
Jan 7, 2014, 12:09 am
#45
FlyerTalk Evangelist
Join Date: May 2001
Posts: 10,970
There we go again. SHARES handles the reservations and I don't think it has anythnig to do with the PINs. MileagePlus is a different system.