Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

    Hide Wikipost
Old May 13, 14, 4:42 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: Pat89339
Wiki Link
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.

It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.

Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
  1. MikeMpls
  2. nihaoa
  3. lewende Reported 4 friends with this issue
  4. ordbkk
  5. twebst
  6. kb1992
  7. litesleeper
  8. zombietooth
  9. critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
  10. skyvanman Also 1 friend with the issue
  11. chris1234
  12. atiger29
  13. bubble o bill
  14. genemk2
  15. jefftiger
  16. CuddlyFlyer
  17. gpeso8
  18. imm2b
  19. acf1270
  20. dgxoxo
  21. ACM two passengers
Originally Posted by ordbkk View Post
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户

先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。

如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。

感谢您使用 united.com

电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: [email protected]

Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:

MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)

So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
Print Wikipost

Old Apr 20, 14, 11:38 pm
  #376  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 60,068
Originally Posted by DaviddesJ View Post
Sure, but if you were, say, a German with Lufthansa miles booking an award ticket to China on CA, would you post on FT?
While FT is strongly USA based, there is a significant non-USA membership. So the reason for a EU member, booking CA with M&M, to report issues is no different on UA FT booking on CA. Except the segments used may be different.
WineCountryUA is offline  
Old Apr 20, 14, 11:50 pm
  #377  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by WineCountryUA View Post
While FT is strongly USA based, there is a significant non-USA membership. So the reason for a EU member, booking CA with M&M, to report issues is no different on UA FT booking on CA. Except the segments used may be different.
I'm not saying it couldn't happen, just that there are fewer Lufthansa members than UA members booking on CA in the first place, and then the probability that one of them would report their experience on FT is lower, and so the fact that we have had four or five reports of this happening to UA members here, and zero reports (apparently) in other forums, doesn't really mean it isn't just as prevalent there, it could just be that the rate is low enough that you wouldn't expect to see any.
DaviddesJ is offline  
Old Apr 20, 14, 11:59 pm
  #378  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 60,068
Originally Posted by DaviddesJ View Post
I'm not saying it couldn't happen, just that there are fewer Lufthansa members than UA members booking on CA in the first place, and then the probability that one of them would report their experience on FT is lower, and so the fact that we have had four or five reports of this happening to UA members here, and zero reports (apparently) in other forums, doesn't really mean it isn't just as prevalent there, it could just be that the rate is low enough that you wouldn't expect to see any.
While I understand the point and assumptions, the Miles & More program does have 25M+ members and is used by a dozen+ different European airlines --- UA is the only *A program bigger than M&M. And Europeans have very significant business and tourist trade with China.
WineCountryUA is offline  
Old Apr 21, 14, 12:05 am
  #379  
 
Join Date: Oct 2009
Programs: UA 1K, Hilton ♦ , Hyatt Carbonado, Wyndham ♦, Marriott PE, "Stinking Bum" elsewhere.
Posts: 4,169
Originally Posted by critten View Post
canceled out my whole Itin including asiana and united metal.
Sorry this happened to you too.

My itinerary was BKK-TPE (BR-J), TPE-PEK (BR-J), PEK-LAX (CA-F).
I didn't even get a message with my cancellation. It just disappeared out of my reservation queue.

As with you, all of my flights were cancelled. I ended-up with BKK-NRT (TG-J on A380) and NRT-LAX in BF on a UA 787. I lost my stopover (<24h) to see a friend in Taipei, so it really screwed my plans up.

Interesting times, these.
zombietooth is offline  
Old Apr 21, 14, 12:11 am
  #380  
In Memoriam, FlyerTalk Evangelist
 
Join Date: Jun 2000
Location: Benicia CA
Programs: Alaska MVP Gold 75K, AA 3.8MM, UA 1.1MM, enjoying the retired life
Posts: 31,845
Originally Posted by zombietooth View Post
As with you, all of my flights were cancelled. I ended-up with BKK-NRT (TG-J on A380) and NRT-LAX in BF on a UA 787. I lost my stopover (<24h) to see a friend in Taipei, so it really screwed my plans up.
Did you take a financial hit on any prepaid ground arrangements or paid flights? Looks like the newest poster, who is waiting to deal with UA on Monday morning, has a lot at risk if they can't recreate something close to his original itinerary for a party of 4.

Originally Posted by critten View Post
This is horrible i already have 3k worth of tours booked!
tom911 is offline  
Old Apr 21, 14, 12:13 am
  #381  
 
Join Date: Jan 2013
Location: 대한민국 (South Korea) - ex-PVG (上海)
Programs: UA MM / LT Gold (LT UC), DL SM, AA PLT (AC), OZ, KE; GE and Korean SES (like GE); Marriott Gold
Posts: 1,996
While it might be the case the cancelled seats on the Air China flights don't go back into award [inventory] right away, my guess is that Air China allows members of their own frequent flyer program to waitlist on awards (I know several Asian carriers allow their members to waitlist for awards for flights on their own metal)? My speculation is that a mileage broker may have had their clients waitlisted on the Air China flights for the desired travel dates, made a phone call to one of their "corrupt contacts" at Air China (someone who has a way to pull up passenger lists) for the name/UA PNR of anyone with existing reservations, and then go to the United website to cancel the booking. Once the reservation is cancelled, even if it takes a few hours for the seats to go back into award inventory, those who have already waitlisted for them (Air China FF members) would automatically [and quickly] have them confirmed.
Comments in brackets are mine.

Exactly! I suspect that this is what is happening. Strange things happen in China, and most of the time it is for an "important" person, who would likely be an Air China FF. Even if access is not the case, UA has to get rid of the 4-digit numerical password; there are only 10,000 combinations so there must be hundreds or thousands of duplicates.
relangford is offline  
Old Apr 21, 14, 12:16 am
  #382  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by relangford View Post
UA has to get rid of the 4-digit numerical password; there are only 10,000 combinations so there must be hundreds or thousands of duplicates.
There are millions of duplicates, because if you've got 60 million UA members then every single one of them has the same PIN as roughly 6,000 other people. But this is the least of their problems, there's no reason to believe that anyone is cracking UA accounts by guessing PINs.
DaviddesJ is offline  
Old Apr 21, 14, 12:22 am
  #383  
 
Join Date: Jan 2013
Location: 대한민국 (South Korea) - ex-PVG (上海)
Programs: UA MM / LT Gold (LT UC), DL SM, AA PLT (AC), OZ, KE; GE and Korean SES (like GE); Marriott Gold
Posts: 1,996
there's no reason to believe that anyone is cracking UA accounts by guessing PINs.
Agreed, but it has the potential for hacking or other mischief. My AA, DL, OZ, KE, CS, US, etc. passwords can be alphanumatic and long (which they are). It is the PIN access that is a problem.

Last edited by relangford; Apr 21, 14 at 6:46 pm Reason: Added correction for PIN.
relangford is offline  
Old Apr 21, 14, 12:24 am
  #384  
 
Join Date: Oct 2009
Programs: UA 1K, Hilton ♦ , Hyatt Carbonado, Wyndham ♦, Marriott PE, "Stinking Bum" elsewhere.
Posts: 4,169
Originally Posted by tom911 View Post
Did you take a financial hit on any prepaid ground arrangements or paid flights? Looks like the newest poster, who is waiting to deal with UA on Monday morning, has a lot at risk if they can't recreate something close to his original itinerary for a party of 4.
Not to any great extent. My wife's itinerary was left intact (different PNR), so I had to come into LAX approx. 24 hours before her, thanks to the forced changes. She enjoyed an extra free day at the Grand Hyatt Erawan in BKK, because they very kindly gave her a late check-out till 8 PM (I departed at 5 AM).

So, I guess I am out one extra taxi fare (400 Bht) and one night at the Hyatt Place LAX, around $200- in total.

I really feel for critten, though. 3K is a lot to worry about for these booking shenanigans.
zombietooth is offline  
Old Apr 21, 14, 12:25 am
  #385  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by relangford View Post
Agreed, but it has the potential for hacking or other mischief. My AA, DL, OZ, KE, CS, US, etc. passwords can be alphanumatic and long (which they are).
Your UA password is alphanumeric and long, too. And I use my password to log in, not my PIN. But I agree that they should disable the option to log into the website with PINs, or at least allow us the option to turn it off (and this is an easy change for them to make, and it will probably come sooner or later). I just think they also have many bigger problems.
DaviddesJ is offline  
Old Apr 21, 14, 1:54 am
  #386  
 
Join Date: Jun 2006
Location: Sun & beach destinations
Programs: UA-lifetime Platinum (2MM), IHG-Amb, HH-Diamond, Hertz-PC, Marriott-Gold, CX-AM
Posts: 1,427
I've just changed my award reservation that contains CA segments to different carriers but somehow the reservation still attaches the old CA record locator even though the reservation no longer contains CA segment. I asked the 1K agent if it's possible to remove the CA record locator but she said it wasn't possible. Is that true? I still worry my reservation will still be mysteriously canceled by hackers because of the old CA record locator. Any advice?
GordonGordon is offline  
Old Apr 21, 14, 2:17 am
  #387  
FlyerTalk Evangelist
 
Join Date: Jul 2003
Location: Florida
Posts: 28,938
Originally Posted by GordonGordon View Post
I've just changed my award reservation that contains CA segments to different carriers but somehow the reservation still attaches the old CA record locator even though the reservation no longer contains CA segment. I asked the 1K agent if it's possible to remove the CA record locator but she said it wasn't possible. Is that true? I still worry my reservation will still be mysteriously canceled by hackers because of the old CA record locator. Any advice?
It is not possible to remove old PNR even though the partner flight is no longer in the itinerary. I have US flights replaced by UA flights, yet the US PNR remains attached to the itinerary.
Happy is offline  
Old Apr 21, 14, 2:25 am
  #388  
 
Join Date: Jul 2010
Location: London, UK
Programs: BA Gold, UA Nobody, Hilton Gold
Posts: 2,372
Have any of the affected people contacted the FBI? This is a significant case of computer crime perpetrated against Americans/American computer systems. Whilst I'm under no illusion that they'll find the perpetrators a call from the Feds might at least cause UA to sharpen their act.

Also in the UK credit card companies are jointly and severally liable for anything where you put more than $100 on the card (even if it's only partial payment for a service), is that the case in the US and if so is there a route through the credit card company?
alex_b is offline  
Old Apr 21, 14, 2:29 am
  #389  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by alex_b View Post
Also in the UK credit card companies are jointly and severally liable for anything where you put more than $100 on the card (even if it's only partial payment for a service), is that the case in the US and if so is there a route through the credit card company?
This isn't much help since obviously the victims already have the option to get their miles and payment back. Indeed, that's what they are being offered. Credit card companies generally aren't going to cover indirect damages (e.g., if you buy a product with your credit card which turns out to be defective, they might cover the cost of the product but they aren't going to pay for damages you suffer as a result of the inadequacies of the defective product).
DaviddesJ is offline  
Old Apr 21, 14, 2:46 am
  #390  
 
Join Date: Jul 2010
Location: London, UK
Programs: BA Gold, UA Nobody, Hilton Gold
Posts: 2,372
Originally Posted by DaviddesJ View Post
This isn't much help since obviously the victims already have the option to get their miles and payment back. Indeed, that's what they are being offered. Credit card companies generally aren't going to cover indirect damages (e.g., if you buy a product with your credit card which turns out to be defective, they might cover the cost of the product but they aren't going to pay for damages you suffer as a result of the inadequacies of the defective product).
That isn't the way the UK law - S75 of the Consumer Credit Act - works (as I understand it). The credit card company is jointly and severally liable for breach of contract or misrepresentation by the supplier. Now I'm not sure if similar statutes exist in the US or if a breach of contract claim could be made out in these circumstances; however if it could, specific performance rather than refund would be a possible outcome.
alex_b is offline  

Thread Tools
Search this Thread