Last edit by: Pat89339
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members with links to where in this discussion they posted their experiences include:
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.
Affected FlyerTalk members with links to where in this discussion they posted their experiences include:
- MikeMpls
- nihaoa
- lewende Reported 4 friends with this issue
- ordbkk
- twebst
- kb1992
- litesleeper
- zombietooth
- critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
- skyvanman Also 1 friend with the issue
- chris1234
- atiger29
- bubble o bill
- genemk2
- jefftiger
- CuddlyFlyer
- gpeso8
- imm2b
- acf1270
- dgxoxo
- ACM two passengers
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用回复地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus) 奖励里程 | 我的帐户
先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。
如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。
感谢您使用 united.com
电子邮件信息
请不要使用回复地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: ORDBKK@MYEMAIL
Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:
MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)
So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
#496
Join Date: Mar 2003
Posts: 1,232
ALL of those effected need to :
1. Send an email to Smisek, Compton, O''Toole
2. Copy all correspondence to Scott McCartney at WSJ, Christopher Elliot at Elliot.org, Ben Mutzabaugh at USA Today , and the Conde Nast Ombudsmen department
3.Send a complaint to the DOT - they may not be able to help but need to be aware of the situation , especially if this is a major hack or lack of security
Just my 2 cents
1. Send an email to Smisek, Compton, O''Toole
2. Copy all correspondence to Scott McCartney at WSJ, Christopher Elliot at Elliot.org, Ben Mutzabaugh at USA Today , and the Conde Nast Ombudsmen department
3.Send a complaint to the DOT - they may not be able to help but need to be aware of the situation , especially if this is a major hack or lack of security
Just my 2 cents
#497
FlyerTalk Evangelist
Join Date: Dec 2007
Location: BOS/ORH
Programs: AS 75K
Posts: 18,323
I'm questioning the same if there is someting i need to do to indicate to UA that i have no plans on making any changes to my reservation?
#498
FlyerTalk Evangelist
Join Date: Mar 2010
Location: DAY
Programs: UA 1K 1MM; Marriott LT Titanium; Amex MR; Chase UR; Hertz PC; Global Entry
Posts: 10,137
Fingers crossed for everyone.
(I contemplated reserving a CA leg for an upcoming trip, but went with ANA instead. Seems I chose wisely...for once.)
#499
Join Date: Mar 2013
Location: India, & Great State of TEXAS
Programs: AA EX-Plat ** , UA 1K, IHG platinum
Posts: 102
I am not sure how they document telephone CS interactions, But you will at least have it well documented incase . You cannot plan these trips and then hope your reservation stays good till your day of travel. UA should have a system in place at least to stop any more of these hacks by now. why cant they block electronic cancellations of any reservations that have a CA leg or CA confirmation numbers?
Last edited by IAHUArunner; Apr 22, 2014 at 12:15 pm Reason: typo
#500
FlyerTalk Evangelist
Join Date: Mar 2012
Posts: 19,395
ALL of those effected need to :
1. Send an email to Smisek, Compton, O''Toole
2. Copy all correspondence to Scott McCartney at WSJ, Christopher Elliot at Elliot.org, Ben Mutzabaugh at USA Today , and the Conde Nast Ombudsmen department
3.Send a complaint to the DOT - they may not be able to help but need to be aware of the situation , especially if this is a major hack or lack of security
Just my 2 cents
1. Send an email to Smisek, Compton, O''Toole
2. Copy all correspondence to Scott McCartney at WSJ, Christopher Elliot at Elliot.org, Ben Mutzabaugh at USA Today , and the Conde Nast Ombudsmen department
3.Send a complaint to the DOT - they may not be able to help but need to be aware of the situation , especially if this is a major hack or lack of security
Just my 2 cents
#503
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
If I were affected by this (thankfully, I'm not) I would additionally, given the lack of responsiveness from the airline(s) involved, contact my senators and congress critter as well as the U.S. Secretaries of Transportation, Homeland Security, and Commerce. DHS because the ability to manipulate PNRs so cavalierly has obvious security implications and Commerce because the fraudulent activity is taking place via the Internet. Perhaps a full broadside might get United's attention?
#504
Moderator: Mileage Run, United Airlines; FlyerTalk Evangelist
Join Date: Jan 2004
Location: The City/Honolulu
Programs: UA 3MM; Hyatt Glob*****; Hilton Diamond
Posts: 14,472
Since the first post on this matter was on March 31st, don't you think they should have been researching this already? I am, frankly, appalled that it has taken them this long to reach out to those affected.
#505
Join Date: Apr 2014
Posts: 13
UA has engaged with me as well...they have formed a team to work this...hoping for a good outcome. Fingers appropriately crossed!
#506
Join Date: Jan 2010
Location: Aussie in ORD
Programs: Marriott Plat, Ua Gold, GE.. Sucker for punishment
Posts: 4,237
All I can say is that anyone who doubts the value of FT in this is kidding them selves! I have watched this thread with interest and have no doubt it has played a major role..
(Gratefully unaffected!)
(Gratefully unaffected!)
#507
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,165
#508
Suspended
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,961
He's talking about referring the cancellation of CA award travel to the Department of Homeland Security, because of its obvious security implications. Feel free to explain what those are.
#509
Join Date: May 2001
Location: Portland, OR, USA
Programs: UA 1K 3 Million/ex-many year GS, AA PLT/2 Mil, AS MVPG, HH Dia, Starwood Life Plat, Hertz PC
Posts: 1,401
I agree that contacting DHS would be pretty far over the top. However, I will observe in a more level manner that UA definitely represents critical infrastructure within the US in the sense that a massive disruption of UA services would cost the US economy quite a lot. The type of security hole that this seems to represent (i.e., unprotected cancellation of other people's reservation) isn't limited to award tickets issued with CA segments. It is a general security hole. Were someone able to get a list of RLs/Names one could certainly create havoc for a day or two with business travel even within the US. The safeguard would seem to be that you can't get that list unless you have segments on other carriers that do not safeguard that information. However, since I doubt that anyone has seriously considered RL/Name pairs particularly sensitive information (private sure but sensitive likely less so) it is hard to know how difficult/easy acquiring such a list would be. This is why I noted earlier that UA is operating here with well below what I would call industry standard practice security. Doing that, at the least, exposes UA to sanctions either via legal processes or via DOT, but moreover it creates unnecessary risk to the larger transport system integrity were someone to get such a list and do mass cancellations.
#510
Join Date: Mar 2013
Location: India, & Great State of TEXAS
Programs: AA EX-Plat ** , UA 1K, IHG platinum
Posts: 102
That is good. Hopefully they can work out something with CA. Meanwhile all who checking their reservations 5 times a day expecting the worse, keep doing the same. When will we see an official announcement about this from UA?