Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

UA Account Hacked / Reports of Fraudulent Award Travel Redemption

Old Dec 29, 2014, 12:05 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: WineCountryUA
This thread to follow reports of MP accounts that actually have been hacked / improperly accessed. If you have missing miles and beleive you have been hacked, contact [email protected]

In Suspended MP Accounts / Third Party Vendor "Security Breach?" - Dec 2014 there is discussion of a security breach of a 3rd party that UA seems to believe may lead to inappropriate access to UA accounts via the username method of logging into united.com. Let's follow the breach and log-in changes in the above thread.

A separate(?) "access denied" issue is covered in Consolidated " Is united.com or parts of it Down?" thread
Print Wikipost

UA Account Hacked / Reports of Fraudulent Award Travel Redemption

Old Jan 7, 2014, 12:10 am
  #46  
 
Join Date: Apr 2001
Location: San Francisco, CA
Programs: UA Gold 1MM, Marriott Platinum
Posts: 548
I can't figure out how to remove my credit card number from ua.bomb. Tips appreciated.
sfolawyer is offline  
Old Jan 7, 2014, 12:14 am
  #47  
 
Join Date: Jan 2007
Location: NYC
Posts: 302
Navigate to Manage Profile (http://www.united.com/web/en-US/apps...t/profile.aspx). At the bottom of the first gray section should be a Saved Form of Payment area. Click "View All Saved Forms of Payment" and delete from there.
rmannion is online now  
Old Jan 7, 2014, 12:16 am
  #48  
Moderator: United Airlines
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.99MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 66,577
Originally Posted by username
....SHARES handles the reservations and I don't think it has anythnig to do with the PINs. MileagePlus is a different system.
May help if you accept "SHARES" is a shorthand on FT for UA's IT systems.
WineCountryUA is offline  
Old Jan 7, 2014, 12:27 am
  #49  
 
Join Date: Apr 2001
Location: San Francisco, CA
Programs: UA Gold 1MM, Marriott Platinum
Posts: 548
Originally Posted by rmannion
Navigate to Manage Profile (http://www.united.com/web/en-US/apps...t/profile.aspx). At the bottom of the first gray section should be a Saved Form of Payment area. Click "View All Saved Forms of Payment" and delete from there.
Excellent, thank you. I just finished a project to upgrade all my passwords, and this was a loose end. (Hat tip to dashlane, a great program I've used to store and encrypt all of my passwords and payment info.)
sfolawyer is offline  
Old Jan 7, 2014, 12:50 am
  #50  
 
Join Date: Sep 2009
Programs: UA GS>1K>Nothing; DL PM 2MM; AS 75K>Nothing>MVP
Posts: 9,337
Originally Posted by UrbaneGent
From my own experience, the police don't care - they have better things to do. My garbage collector stole my identity via discarded mail. Over two year, he bought two cars, numerous credit cards, rented a house - he even got $20K of dental work under my name! He made the payments and then defaulted on everything, which I then found out. I filed a report in Chicago and I took everything to the Lansing Police Department where the guy lived. I had his real name, address and a thick file of everything and they didn't or couldn't do anything! The only thing one can do is be on top of everything and shred all documents. At least OP had no damage done to his credit.
Totally agree. The reason this stuff is so prevalent is that law enforcement doesn't do jack $h!t to stop it. It would be trivial to catch a few of these social miscreants, flog 'em and then lock them up. One or two public examples is all it would take to shut this down.
5khours is offline  
Old Jan 7, 2014, 12:53 am
  #51  
Moderator: Mileage Run, United Airlines; FlyerTalk Evangelist
 
Join Date: Jan 2004
Location: The City/Honolulu
Programs: UA 3MM; Hyatt Glob*****; Hilton Diamond
Posts: 14,472
Originally Posted by mgcsinc
In any case, due to concerns like yours, UA has now taken the complete MP number off of boarding passes.
Must be a recent change. Boarding passes from December 1, 7, and 14 show my full MP number
Pat89339 is offline  
Old Jan 7, 2014, 12:56 am
  #52  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Originally Posted by Pat89339
Must be a recent change. Boarding passes from December 1, 7, and 14 show my full MP number
Yeah, just a couple weeks old, I think. There was maybe a thread about it?
mgcsinc is offline  
Old Jan 7, 2014, 1:36 am
  #53  
 
Join Date: Jun 2011
Posts: 923
Originally Posted by rmannion
Navigate to Manage Profile (http://www.united.com/web/en-US/apps...t/profile.aspx). At the bottom of the first gray section should be a Saved Form of Payment area. Click "View All Saved Forms of Payment" and delete from there.
many thanks. That worked great!
dcpdxtrans is offline  
Old Jan 7, 2014, 1:47 am
  #54  
 
Join Date: Apr 2006
Location: LIS/ATL/other
Programs: UA 1K, Avis PC, Hertz PC, Sixt Plat, Marriott Gold, HH Silver
Posts: 1,983
Originally Posted by mgcsinc
In any case, due to concerns like yours, UA has now taken the complete MP number off of boarding passes.
No they didn't. It's in the clear in the bar code. Just scan the barcode with any of a number of free apps.
CaptainMiles is offline  
Old Jan 7, 2014, 7:18 am
  #55  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Originally Posted by CaptainMiles
No they didn't. It's in the clear in the bar code. Just scan the barcode with any of a number of free apps.
K but that's not what I said. They clearly did make the change to the cleartext number, so I don't know why you would feel the need to aggressively disagree with me.

It all depends on your level of paranoia.
mgcsinc is offline  
Old Jan 7, 2014, 7:23 am
  #56  
 
Join Date: Jul 2010
Location: London, UK
Programs: BA Gold, UA Nobody, Hilton Gold
Posts: 2,372
Originally Posted by mgcsinc
Look, brute force is just not that likely here. Phishing and the like are way more likely to be the way these folks are getting PINs. It's really not a big concern.

In any case, due to concerns like yours, UA has now taken the complete MP number off of boarding passes.
I doubt its phishing either, far too hit and miss. I think it's much more likely that its insiders at the call center, this would be a much more efficient way of targeting high value MP accounts.

Originally Posted by Pat89339
The 4-digit pin is also the reason I shred all boarding passes and printed itineraries. I don't want my MP number floating around.
I now use the app almost exclusively which removes this issue, but as I said above this is almost certainly not someone picking up discarded boarding passes and brute forcing the PIN.
alex_b is offline  
Old Jan 7, 2014, 7:28 am
  #57  
FlyerTalk Evangelist
 
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Originally Posted by alex_b
...this is almost certainly not someone picking up discarded boarding passes and brute forcing the PIN.
I think that your account gets locked after three or four incorrect login attempts, so "brute forcing" (if by that you mean trying different PINs) wouldn't work very often.
Bonehead is offline  
Old Jan 7, 2014, 8:04 am
  #58  
 
Join Date: Nov 2013
Posts: 855
Regarding the FF info on BPs:
1. Full FF number printed on my 1/6 BPs
2. As others have pointed out, the barcode contains the full FF number
3. Even if the BP didn't contain any FF number info, someone finding your BP can use the PNR and last name to retrieve the trip info, including the traveler details.

Not printing the full FF number on the BP won't make anything safer.

Originally Posted by mgcsinc
K but that's not what I said. They clearly did make the change to the cleartext number, so I don't know why you would feel the need to aggressively disagree with me.
No, they clearly didn't.
FF numbers were still printed in clear text on BPs as recently as two days ago.
You claim the change was made "a couple of weeks" ago. It clearly wasn't.
People "aggressively disagree" with you because you are wrong. @:-)

Last edited by Ocn Vw 1K; Jan 7, 2014 at 10:09 am Reason: Combine consecutive posts of same member.
26point2orbust is offline  
Old Jan 7, 2014, 8:34 am
  #59  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Originally Posted by 26point2orbust
Regarding the FF info on BPs:
1. Full FF number printed on my 1/6 BPs
2. As others have pointed out, the barcode contains the full FF number
3. Even if the BP didn't contain any FF number info, someone finding your BP can use the PNR and last name to retrieve the trip info, including the traveler details.

Not printing the full FF number on the BP won't make anything safer.
I never said it would make anything safer. In fact, I implied quite the opposite.

Originally Posted by 26point2orbust
No, they clearly didn't.
FF numbers were still printed in clear text on BPs as recently as two days ago.
You claim the change was made "a couple of weeks" ago. It clearly wasn't.
People "aggressively disagree" with you because you are wrong. @:-)
Good grief! Sure, I'm just lying. Others have posted about it, and that's how it was on my New Years BPs. Clearly, not all the systems have caught up.

If you want to put money on it, I'll post a pic to prove you wrong.
mgcsinc is offline  
Old Jan 7, 2014, 9:45 am
  #60  
 
Join Date: May 2011
Posts: 5,814
I can confirm that LGA kiosks have been rolled out with the change two weeks ago. Just shows "AB******" and actually surprised me.
edcho is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.