2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

Old Apr 21, 2014, 11:37 am
FlyerTalk Forums Expert How-Tos and Guides
Last edit by: Pat89339
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email from UA written in Chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.

It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.

Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
  1. MikeMpls
  2. nihaoa
  3. lewende Reported 4 friends with this issue
  4. ordbkk
  5. twebst
  6. kb1992
  7. litesleeper
  8. zombietooth
  9. critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
  10. skyvanman Also 1 friend with the issue
  11. chris1234
  12. atiger29
  13. bubble o bill
  14. genemk2
  15. jefftiger
  16. CuddlyFlyer
  17. gpeso8
  18. imm2b
  19. acf1270
  20. dgxoxo
  21. ACM two passengers
Originally Posted by ordbkk
It seems everybody wants to see the message.. here was mine:
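united.com Notification - Flight Reservation Cancelled
Thursday, April 17, 2014
united.com | Deals & Offers | Reservations | Earn MileagePlus® Award Miles | My Account

Mr. ORDBKK
Your reservation MYRES123 has been cancelled, and we have received your refund request. Please allow 7 business days for credit card refunds. If the credit card refund has not been sent within one billing cycle, please contact your credit card company. For all other forms of payment, including cash refunds, please allow 20 business days.

For details or to check the status of your refund, please visit united.com and provide your ticket number.

Thank you for using united.com

E-mail information
Please do not use the "Reply" address to respond to this message.
The information in this e-mail is intended only for the original recipient.
If you experience technical problems, please contact united.com support by e-mail or telephone.
Notification: Ticket cancellation confirmation
E-mail address: ORDBKK@MYEMAIL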

Originally Posted by ordbkk
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:

MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)

So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
Old Apr 21, 2014, 10:54 am
  #421  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
Originally Posted by DawgmanOH
I am beyond stunned that United allows anyone to cancel reservations just with a PNR and last name.
I've done this many times on behalf of friends and family, so I'm certainly not 'stunned' by it.

Note that you can also, using the PNR, connect another person's reservation to your own account, at which point you can do anything on it that you would have done with a reservation you made yourself. In fact, after you do that I'm not even sure if the system distinguishes whether you made it or not.
DaviddesJ is offline  
Old Apr 21, 2014, 10:55 am
  #422  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Originally Posted by DaviddesJ
I've done this many times on behalf of friends and family, so I'm certainly not 'stunned' by it.

Note that you can also, using the PNR, connect another person's reservation to your own account, at which point you can do anything on it that you would have done with a reservation you made yourself. In fact, after you do that I'm not even sure if the system distinguishes whether you made it or not.
Indeed, I've found that it can be impossible to get rid of such reservations once added.
mgcsinc is offline  
Old Apr 21, 2014, 10:57 am
  #423  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,322
Originally Posted by DaviddesJ
It doesn't say logged in to an account. It's saying that a user connected to united.com as a guest, i.e., without logging in to any account. It's imprecisely stated but not all that far outside common usage (you can find lots of modern examples of people using 'log in' to mean 'visit a website in a browser'), although they wouldn't be among people who have been computing for decades.
Well others have been told by UA that the same IP address was used to cancel their flights when "logged in as a guest" so I was wondering if there is a method of access I wasn't aware of...

I honestly don't think they know what is going on with Air China and award tickets - I had a bunch of Air China flights (revenue) last month and all were fine. I hope that corporate security is looking into this as there are too many people specifically targeted and affected for this to be random...
bmwe92fan is offline  
Old Apr 21, 2014, 10:59 am
  #424  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
Originally Posted by bmwe92fan
I had a bunch of Air China flights (revenue) last month and all were fine.
It seems pretty clear that it's only happening to CA award tickets. Maybe CA's system earmarks a fixed number of seats for award travel on each flight, so if you cancel one of them even a short time before departure, it invariably opens up for someone to grab it as an award seat.
DaviddesJ is offline  
Old Apr 21, 2014, 11:00 am
  #425  
 
Join Date: May 2001
Location: Portland, OR, USA
Programs: UA 1K 3 Million/ex-many year GS, AA PLT/2 Mil, AS MVPG, HH Dia, Starwood Life Plat, Hertz PC
Posts: 1,401
Originally Posted by DaviddesJ
I've done this many times on behalf of friends and family, so I'm certainly not 'stunned' by it.

Note that you can also, using the PNR, connect another person's reservation to your own account, at which point you can do anything on it that you would have done with a reservation you made yourself. In fact, after you do that I'm not even sure if the system distinguishes whether you made it or not.
That is certainly true and there should probably be some security on that as well. Note though that in that case anything you do to the reservation is at least traceable back to you since you are logged in when you do it. In the likely situation here that would at least mean that there might be a way to legally enforce penalties against the perpetrators (and yes this would still require international cooperation but now of a criminal nature). At the more general level there are lots of ways to make the system much more secure than it currently is without undue inconvenience to users - the majority of the systems that I use do just that via things like email verification click-backs, better password protections, etc. UA is simply derelict in their level of web security and given the larger press these days around companies that don't provide reasonable on-line protections I truly hope it comes back to bite them.
pdx1M is offline  
Old Apr 21, 2014, 11:02 am
  #426  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
Originally Posted by pdx1M
That is certainly true and there should probably be some security on that as well. Note though that in that case anything you do to the reservation is at least traceable back to you since you are logged in when you do it.
By 'me' you mean 'one of a hundred random Mileage Plus accounts I just made', right?

That's not going to get you much closer to me personally.

When you put forth your verification ideas, you have to remember that not everyone who is a UA customer or Mileage Plus member even has an email address, or an online login. UA could require some things that they don't now require, but that would be a change. Probably some such changes are appropriate anyway, sooner or later.

I don't think there are any domestic US airlines whose practices are any different than UA on this point.

People could also just start calling up UA and canceling your reservations while claiming to be you. Lots of people do that and they don't even have the PNR, if you give UA your flight information and say you don't have your PNR handy they will look it up for you.

The most direct way to solve this particular problem would be if CA started clawing back the seats from the fraudsters. That would take away the incentive, and the problem would largely disappear.
DaviddesJ is offline  
Old Apr 21, 2014, 11:04 am
  #427  
 
Join Date: Nov 2003
Location: Philadelphia, PA, USA
Programs: United 1K (after 15 years GS) 3MM, Marriott LTTitanium
Posts: 559
Originally Posted by DaviddesJ
It seems pretty clear that it's only happening to CA award tickets. Maybe CA's system earmarks a fixed number of seats for award travel on each flight, so if you cancel one of them even a short time before departure, it invariably opens up for someone to grab it as an award seat.
Not true. I had a segment, SYD-PEK, of a *A RTW ticket that was cancelled. Was the only segment cancelled, and CA said that UA had cancelled it. Luckily I was able to get it reinstated.
twebst is offline  
Old Apr 21, 2014, 11:07 am
  #428  
FlyerTalk Evangelist
 
Join Date: Dec 2003
Location: LAX
Posts: 10,912
Can anyone who reads Chinese check the flyertea site (a FlyerTalk knockoff in China, for those not familiar) to see if similar reports are posted there?
azepine00 is offline  
Old Apr 21, 2014, 11:09 am
  #429  
FlyerTalk Evangelist
 
Join Date: Nov 2004
Location: ORD
Programs: UA 1K
Posts: 16,901
Question.

Who has access to passenger lists that include PNRs and last names? Only the airlines, or can a TA see that as well? More specifically to the point, how much detail can they see? Can a TA see from some manifest that Smith/J booked a ticket on CA using UA miles on PNR xxxxxx?
milepig is offline  
Old Apr 21, 2014, 11:11 am
  #430  
 
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,976
Originally Posted by DaviddesJ
People could also just start calling up UA and canceling your reservations while claiming to be you. Lots of people do that and they don't even have the PNR, if you give UA your flight information and say you don't have your PNR handy they will look it up for you.
Not that easy. If an agent is involved in it, it would be a lot harder for strangers to cancel your award booking. As a countermeasure, one may start asking UA agents to add notes/comments on award booking PNRs to protect from malicious cancellation, but as for the non-human process which the Chinese brokers are engaging in right now, so far there is nothing you can do to protect your award booking.
lewende is offline  
Old Apr 21, 2014, 11:13 am
  #431  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
Originally Posted by milepig
Question.

Who has access to passenger lists that include PNRs and last names? Only the airlines, or can a TA see that as well? More specifically to the point, how much detail can they see? Can a TA see from some manifest that Smith/J booked a ticket on CA using UA miles on PNR xxxxxx?
Allegedly, TAs in China can list confirmation numbers and names.
mgcsinc is offline  
Old Apr 21, 2014, 11:14 am
  #432  
 
Join Date: May 2001
Location: Portland, OR, USA
Programs: UA 1K 3 Million/ex-many year GS, AA PLT/2 Mil, AS MVPG, HH Dia, Starwood Life Plat, Hertz PC
Posts: 1,401
Originally Posted by DaviddesJ
By 'me' you mean 'one of a hundred random Mileage Plus accounts I just made', right?

That's not going to get you much closer to me personally.

When you put forth your verification ideas, you have to remember that not everyone who is a UA customer or Mileage Plus member even has an email address, or an online login. UA could require some things that they don't now require, but that would be a change. Probably some such changes are appropriate anyway, sooner or later.

I don't think there are any domestic US airlines whose practices are any different than UA on this point.

People could also just start calling up UA and canceling your reservations while claiming to be you. Lots of people do that and they don't even have the PNR, if you give UA your flight information and say you don't have your PNR handy they will look it up for you.

The most direct way to solve this particular problem would be if CA started clawing back the seats from the fraudsters. That would take away the incentive, and the problem would largely disappear.
Actually there are a number of vendors I have dealt with that have required reasonably verifiable information from me before acting on a phone request - including travel providers. There are a lot of ways to make systems more secure without inconveniencing users. Folks using web interfaces will have email accounts. Requiring a click-back for a supposed action would have stopped this in its tracks. Look at what financial institutions do. Look at what delivery services do (try to redirect a UPS package that hasn't been delivered yet and notice the hurdles even though allowing immediate redirects might save UPS money). I stand by my position that UA's security on these operations is well below internet industry standards and should make them liable for a failure to operate with due diligence.

I do agree however that CA should be acting to claw back the fruits of this theft and that would solve *this* instance of the problem.
pdx1M is offline  
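An added example (not part of the original post, and not United's code) of the e-mail click-back described above: a PNR and last name only stage the cancellation, and nothing is cancelled until a single-use, expiring token sent to the address on file is redeemed. The function names, the 15-minute window, and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60   # assumed validity window, in seconds
_pending = {}         # sha256(token) -> (pnr, expiry); stands in for a database table
_cancelled = set()    # PNRs whose cancellation was actually confirmed


def _digest(token):
    # Store only a hash, so a leaked table does not reveal usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_cancellation(pnr, last_name, now=None):
    """Stage a cancellation. The returned token is meant to be mailed to the
    address on file, never displayed to whoever typed in the PNR and name."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (pnr, now + TOKEN_TTL)
    return token


def confirm_cancellation(token, now=None):
    """Cancel only if the token is known, unused and unexpired."""
    now = time.time() if now is None else now
    staged = _pending.pop(_digest(token), None)   # pop makes the token single-use
    if staged is None:
        return False
    pnr, expiry = staged
    if now > expiry:
        return False
    _cancelled.add(pnr)
    return True


def is_cancelled(pnr):
    return pnr in _cancelled


if __name__ == "__main__":
    # Constructed sample values, not taken from any real booking.
    t = request_cancellation("ABC123", "SMITH")
    print(is_cancelled("ABC123"), confirm_cancellation(t), is_cancelled("ABC123"))
```
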
Old Apr 21, 2014, 11:15 am
  #433  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,322
Originally Posted by milepig
Question.

Who has access to passenger lists that include PNRs and last names? Only the airlines, or can a TA see that as well? More specifically to the point, how much detail can they see? Can a TA see from some manifest that Smith/J booked a ticket on CA using UA miles on PNR xxxxxx?
There are various travel agents in China that can most certainly see flight manifests and PNRs for Air China - it has also been referenced in this thread. There are many "state supported" travel agents in China... Having spent a lot of time in mainland China and having a team based there I can confirm that this is true. It is surprisingly easy for someone to get if they really want it...
bmwe92fan is offline  
Old Apr 21, 2014, 11:18 am
  #434  
FlyerTalk Evangelist
 
Join Date: Dec 2003
Location: LAX
Posts: 10,912
Originally Posted by milepig
Question.

Who has access to passenger lists that include PNRs and last names? Only the airlines, or can a TA see that as well? More specifically to the point, how much detail can they see? Can a TA see from some manifest that Smith/J booked a ticket on CA using UA miles on PNR xxxxxx?

Even without TA access some individual of questionable moral character working for CA can definitely find this info and provide it to another individual of even more questionable moral character who would cancel someone's award and book a client on miles while getting paid $. I can easily picture this scenario happening in China. Booking someone on miles and collecting $ (with client believing he was paying for a normal ticket) was a common occurrence there at least in the past.
azepine00 is offline  
Old Apr 21, 2014, 11:21 am
  #435  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.7MM, AA 2.1MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 6,322
Originally Posted by azepine00
Booking someone on miles and collecting $ (with client believing he was paying for a normal ticket) was a common occurrence there at least in the past.
Trust me - it still is! Have you seen the "stores" that sell air tickets that are pasted on their windows? I had to let someone go in China because they were purchasing higher class airfare tickets - and expensing it at the higher class - selling it to these wholesalers, and then purchasing a lower fare class ticket and flying on that.... In many ways China is like the wild west - anything goes....
bmwe92fan is offline  

