2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
May 13, 14, 4:42 am - Wikipost
|
|||
|
|||
|
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.
It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat. Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
Originally Posted by ordbkk
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四) united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户 先生 ORDBKK 您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。 如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。 感谢您使用 united.com 电子邮件信息 请不要使用“回复”地址回复此邮件。 此电子邮件中的信息仅供原接收人使用。 如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。 通知:机票取消确认 电子邮件地址: [email protected]
Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected: MikeMpls nihaoa lewende (reported 4 friends with this issue) ordbkk twebst kb1992 litesleeper zombietooth critten skyvanman (also 1 friend with the issue) jefftiger (but, happened during October 2013) So we're at 13 people affected, although some like critten have had multiple trips canceled. From what I understand, all of these occurred in the last 3 weeks. 
|
Apr 23, 14, 11:19 pm
#556
Join Date: Mar 2012
Programs: UA/MM/1K
Posts: 178
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)
How about a simple solution...canceling award booking should also require the PIN number for the MP account where the miles came from and preventing CA to cancel 016 bookings.
Apr 23, 14, 11:27 pm
#557
Suspended
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by acesflyerSFO
How about a simple solution...canceling award booking should also require the PIN number for the MP account where the miles came from and preventing CA to cancel 016 bookings.
(You want this to apply to changes, too, right? Otherwise the hacker could just change your flights, which from the point of view of inventory is as good as cancelling them. There are a number of things like this that you need to think about.)
Apr 24, 14, 12:16 am
#558
FlyerTalk Evangelist
Join Date: Oct 2006
Location: SFO/SJC
Programs: UA Silver, Marriott Gold, Hilton Gold
Posts: 13,710
Originally Posted by DaviddesJ
It's conceptually simple, but I wouldn't expect UA (or any airline) to be able to implement it overnight. You're asking to create a whole new verification check on the website that never existed before. They also undoubtedly have some fairly extensive deployment process for pushing out new code to their servers. I expect they could do it, but it would take them weeks, not days.
I've worked on company intranet/internet sites before - not on the programing side, but on the content/management/QA side (working with the team that codes). Sounds easy, but takes time to code, test, QA, etc. And the sites I've worked on are much less complicated than UAs. While also hard to believe, I've also found through this experience that sometimes, the changes that sound more complicated are actually the easiest to implement, while the ones that sound the easiest can take the longest to implement.
Apr 24, 14, 12:57 am
#559
Join Date: Dec 2000
Location: Seat 1A
Programs: Non-status paid F/J (best value for $$$)
Posts: 4,092
Originally Posted by acesflyerSFO
How about a simple solution...canceling award booking should also require the PIN number for the MP account where the miles came from and preventing CA to cancel 016 bookings.
Apr 24, 14, 1:09 am
#560
Suspended
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Originally Posted by daniellam
A even more simpler (and short term) solution would be for United to disable the "cancel booking" function and require the passenger to call the call center to cancel the booking.
Apr 24, 14, 4:14 am
#561
Join Date: Aug 2007
Location: IAH
Programs: UACO Plat/1K, DL Plat, Hertz 5*, Avis - PC, SPG Gold, Colorado Pass
Posts: 228
Just got cancelled
IAH-PEK-ICN-PEK-IAH in I x 2 for a trip in May. Received something chinese in an email. Not happy. Will have to make some phone calls soon.
Last edited by atiger29; Apr 24, 14 at 4:15 am Reason: added fare class
Apr 24, 14, 4:27 am
#562
Join Date: Jul 2000
Location: AUH
Posts: 7,926
Originally Posted by DaviddesJ
Talk about throwing out the baby with the bathwater. And 'change flights' too, of course? Millions of people use these services, you know. An even simpler solution would be for UA to shut down operations. Then there would never be any hacking at all.
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
Apr 24, 14, 4:50 am
#563
Join Date: Sep 2006
Location: CLE
Programs: CO Gold - 1MM, IC Plat, Hertz PC
Posts: 1,644
Originally Posted by atiger29
IAH-PEK-ICN-PEK-IAH in I x 2 for a trip in May. Received something chinese in an email. Not happy. Will have to make some phone calls soon.
Apr 24, 14, 5:38 am
#564
Join Date: Aug 2007
Location: IAH
Programs: UACO Plat/1K, DL Plat, Hertz 5*, Avis - PC, SPG Gold, Colorado Pass
Posts: 228
Originally Posted by CLEHillbilly
This just happened today?
Apr 24, 14, 6:56 am
#565
Join Date: May 2012
Programs: Delta Plat, UA Plat, Hilton Diamond, SPG Gold
Posts: 255
Originally Posted by atiger29
Yep. 4:53am CST. I had been monitoring this thread thanks to the OP. I guess everyone should be forewarned if booked with CA.
Apr 24, 14, 7:22 am
#566
Join Date: Jul 2013
Location: DAY/CMH
Programs: UA MileagePlus
Posts: 2,473
Originally Posted by emcampbe
....I've also found through this experience that sometimes, the changes that sound more complicated are actually the easiest to implement, while the ones that sound the easiest can take the longest to implement.
Apr 24, 14, 7:31 am
#567
FlyerTalk Evangelist
Join Date: Dec 2007
Location: BOS/ORH
Programs: AS 75K
Posts: 18,234
Originally Posted by critten
I'll PM you some contacts. Good luck getting rebooked. Seems IAH-PEK is popular :P They put me on IAH-SFO-PEK Dreamliner, 747-400
I'd be curious as to what routes are the ones being cancelled.Im debating switching now to a different routing. Really wanted to try CA F but it seems the seat in 777-300ER isnt much different than the TG A380 F seat.
Apr 24, 14, 7:35 am
#568
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,959
Originally Posted by stargold
Talk about an overreaction yourself.
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
I'd say most FFPs that I'm a member of require me to call in order to cancel an award - it's nowhere near as outlandish as you seem to suggest. In fact, I'm surprised that it involves so little security to cancel as it stands currently.
In light of the apparent breach of security, I agree that disabling the online cancel option is by far the best solution on the balance.
Apr 24, 14, 7:37 am
#569
Join Date: Jul 2003
Location: BOS, PVG
Programs: United Global Services and 1MM, Marriott Ambassador
Posts: 9,237
Originally Posted by DaviddesJ
Talk about throwing out the baby with the bathwater. And 'change flights' too, of course? Millions of people use these services, you know. An even simpler solution would be for UA to shut down operations. Then there would never be any hacking at all.
Disabling online "cancel" function is bad. Don't mind a PIN requirement.
Apr 24, 14, 8:10 am
#570
FlyerTalk Evangelist
Join Date: Dec 2007
Location: BOS/ORH
Programs: AS 75K
Posts: 18,234
Originally Posted by kb1992
Have to agree on this.
Disabling online "cancel" function is bad. Don't mind a PIN requirement.
Disabling online "cancel" function is bad. Don't mind a PIN requirement.
I'm not sure why UA cannot just lock specific reservations from changes. I mean what does their corporate security do when they investigate a MP account for fraud? Surely they lock things down
Last edited by CDKing; Apr 24, 14 at 8:17 am
