
2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)


Old May 13, 14, 4:42 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: Pat89339
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email from UA written in Chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.

It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.

Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
  1. MikeMpls
  2. nihaoa
  3. lewende Reported 4 friends with this issue
  4. ordbkk
  5. twebst
  6. kb1992
  7. litesleeper
  8. zombietooth
  9. critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
  10. skyvanman Also 1 friend with the issue
  11. chris1234
  12. atiger29
  13. bubble o bill
  14. genemk2
  15. jefftiger
  16. CuddlyFlyer
  17. gpeso8
  18. imm2b
  19. acf1270
  20. dgxoxo
  21. ACM two passengers
Originally Posted by ordbkk
It seems everybody wants to see the message.. here was mine:
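[Email received in Chinese; English translation:]
united.com notification - Flight reservation canceled
April 17, 2014 (Thursday)
united.com | Deals & offers | Reservations | Earn MileagePlus® award miles | My account

Mr. ORDBKK
Your reservation MYRES123 has been canceled, and we have received your refund request. Credit card refunds take 7 business days. If the credit card refund has not been issued within one billing cycle, please contact your credit card company. For all other forms of payment, including cash refunds, allow 20 business days.

For details or to check the status of your refund, please visit united.com and provide your ticket number.

Thank you for using united.com

E-mail information
Please do not reply to this message using the "reply" address.
The information in this e-mail is intended for the original recipient only.
If you experience technical problems, please contact united.com support by e-mail or phone.
Notification: Ticket cancellation confirmation
E-mail address: [email protected]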

Originally Posted by ordbkk
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:

MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)

So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.

Old Apr 9, 14, 3:22 pm
  #46  
Suspended
 
Join Date: Aug 2010
Location: DCA
Programs: UA US CO AA DL FL
Posts: 50,269
The most important things to do here are:

1. Change password & PIN immediately. You have two different UA people pointing to "your computer". While further investigation might provide an IP address, it is easy for UA to see in the PNR code, how a cancellation occurred.

2. Take the UA supervisor's advice and call during regular business hours in the USA. UA will have an agent who acts as their liaison with CA. It will take time, but that is the only way to have effective communications between the two carriers. It is far from clear to me that CA will restore what OP had, but it is worth a shot.

3. In the meantime, take what UA offers. The passage of time does not work in your favor.
Often1 is offline  
Old Apr 9, 14, 3:52 pm
  #47  
Moderator, Omni, Omni/PR, Omni/Games, FlyerTalk Posting Legend
 
Join Date: Oct 2004
Location: Between DCA and IAD
Programs: UA 1K MM; Hilton Diamond
Posts: 63,370
Originally Posted by Often1
3. In the meantime, take what UA offers. The passage of time does not work in your favor.
I'd push UA to open GF or BF inventory if rebooking on their metal.
exerda is offline  
Old Apr 9, 14, 4:33 pm
  #48  
 
Join Date: Oct 2012
Location: ORD/IND
Programs: UA Platinum, Avis Preferred, Hertz PC, Hyatt Discoverist , Marriott Titanium
Posts: 739
Did you happen to share your itinerary with anyone that might want to mess with you??

All you need to cancel someone's flight(s) are the PNR and last name. If someone has those two things they can pull up your flight(s) and do pretty much anything they want as if they were you. If there were additional charges or something then they'd have to whip out their CC to make the payment but anything else is fair game.
JDS747 is offline  
Old Apr 10, 14, 3:59 pm
  #49  
 
Join Date: Jul 2010
Programs: UA
Posts: 255
Thanks for all your suggestions! Password/pin changed. Called UA again and talked to a supervisor based in Utah. She was patient and kind, and called CA, but CA refused to reinstate the itin. At the end, she requested 2 F open on that day for UA metal. In addition, she told me the IP address was the same for booking and cancellation, but clearly that day none of us used a computer. So very strange.
nihaoa is offline  
Old Apr 10, 14, 4:17 pm
  #50  
A FlyerTalk Posting Legend
 
Join Date: Apr 2013
Location: PHX/SFO
Programs: AA EXP; AS 75K; WN A List; UA 1K 1MM; Hyatt Globalist; Marriott AMB; Hilton Diamond (Aspire)
Posts: 50,459
Originally Posted by nihaoa
Thanks for all your suggestions! Password/pin changed. Called UA again and talked to a supervisor based in Utah. She was patient and kind, and called CA, but CA refused to reinstate the itin. At the end, she requested 2 F open on that day for UA metal. In addition, she told me the IP address was the same for booking and cancellation, but clearly that day none of us used a computer. So very strange.
^

Nice to hear about a positive result, and kudos to UA for a very kind customer service gesture.
Kacee is offline  
Old Apr 10, 14, 6:03 pm
  #51  
 
Join Date: Feb 2012
Posts: 2,933
Originally Posted by nihaoa
Thanks for all your suggestions! Password/pin changed. Called UA again and talked to a supervisor based in Utah. She was patient and kind, and called CA, but CA refused to reinstate the itin. At the end, she requested 2 F open on that day for UA metal. In addition, she told me the IP address was the same for booking and cancellation, but clearly that day none of us used a computer. So very strange.
She requested 2 f/c seats on UA flights, but did you get them confirmed and does your itin show ticketed?
LilAbner is offline  
Old Apr 10, 14, 11:10 pm
  #52  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,787
Originally Posted by nihaoa
Thanks for all your suggestions! Password/pin changed. Called UA again and talked to a supervisor based in Utah. She was patient and kind, and called CA, but CA refused to reinstate the itin. At the end, she requested 2 F open on that day for UA metal. In addition, she told me the IP address was the same for booking and cancellation, but clearly that day none of us used a computer. So very strange.
Did you give her your IP to compare to what's in her records?


At first I was thinking that this might be related to the problems we have been hearing of with bogus changes happening that have gotten me to think that perhaps somebody's been sloppy with their programming and they have some sort of concurrency bug. However, that wouldn't explain the IP addresses.

Work or home computer? Could someone with physical access want to cause trouble?
Loren Pechtel is offline  
Old Apr 10, 14, 11:38 pm
  #53  
 
Join Date: Jul 2010
Programs: UA
Posts: 255
Yes, it is confirmed and ticketed.

Originally Posted by LilAbner
She requested 2 f/c seats on UA flights, but did you get them confirmed and does your itin show ticketed?
I don't know my IP address. It is a home computer. I used the one she provided and checked at IPwhois, and I believe it was my Internet provider's IP.

Originally Posted by Loren Pechtel
Did you give her your IP to compare to what's in her records?


At first I was thinking that this might be related to the problems we have been hearing of with bogus changes happening that have gotten me to think that perhaps somebody's been sloppy with their programming and they have some sort of concurrency bug. However, that wouldn't explain the IP addresses.

Work or home computer? Could someone with physical access want to cause trouble?

Last edited by FlyinHawaiian; Apr 11, 14 at 4:41 am Reason: multi-quote
nihaoa is offline  
Old Apr 11, 14, 5:04 am
  #54  
FlyerTalk Evangelist
 
Join Date: Aug 2002
Location: Bay Area, CA
Programs: UA Plat 2MM; AS MVP Gold 75K
Posts: 35,056
Originally Posted by nihaoa
I don't know my IP address. It is a home computer. I used the one she provided and checked at IPwhois, and I believe it was my Internet provider's IP.

Don't worry about the IP address comment. The history in SHARES is so convoluted, they probably didn't read it right anyway.

Last edited by FlyinHawaiian; Apr 11, 14 at 5:13 am Reason: let's cut back on the trolling, ok?
channa is offline  
Old Apr 11, 14, 1:02 pm
  #55  
 
Join Date: Jan 2010
Location: SAN
Posts: 147
Originally Posted by GBadger
There was another recent thread on this. I think it has to do with Air China flights that were cancelled -- Air China basically cancelled the reservations instead of re-routing/re-ticketing. Don't have time to re-read that thread, but it may be a good starting place!
I don't think Air China canceled the tickets, but someone who stole Air China's pax database did this.

If Air China needs to cancel the ticket, then CA should tell United directly. After that United should inform the pax in pax's setting language or English. If the account holder received an email in Chinese, does it mean the ticket had been cancelled through United.com in Chinese?
thinthin is offline  
Old Apr 11, 14, 2:34 pm
  #56  
 
Join Date: Jan 2006
Location: DEN
Programs: UA 1K, DL, AA, AS, HHonors, SPG, Kimpton, Hyatt, IC PC, Marriott Titanium, Hertz PC
Posts: 7,182
Originally Posted by thinthin
If Air China needs to cancel the ticket, then CA should tell United directly. After that United should inform the pax in pax's setting language or English. If the account holder received an email in Chinese, does it mean the ticket had been cancelled through United.com in Chinese?
They *should*, but in the case of the other thread, they didn't. There, there was only a cancellation e-mail in Chinese. Nothing more, if I remember correctly.
GBadger is offline  
Old Apr 12, 14, 5:54 pm
  #57  
 
Join Date: Aug 2011
Location: 10^7 mm from Ȱ
Programs: Hyatt D/HHonors D/ SPG P/ Marriott P/ IHG P/ UA 1K/ AA EXP/ DL D
Posts: 1,959
UAInsider - UA gotta stop CA award seat poacher from China!

During the past week, I've heard of three incidents from my friends w/r/t UA award tickets (016 stock) with Air China (CA) award segments that got mysteriously cancelled by somebody in China.

Victim 1: two first class award bookings (O class) with TPAC on CA985 (PEK-SFO); the expected travel date is in June 2014;

Victim 2: two first class award bookings (O class) with TPAC also on CA985 (PEK-SFO); the expected travel date is also in June 2014;

Victim 3: one business class award booking (I class) with TPAC also on CA985 (PEK-SFO); the expected travel date is also in June 2014.

All these three incidents started with receiving an email from MileagePlus in Chinese, stating their United award tickets were cancelled per their requests. Upon receiving these emails, their award seats could no longer be re-captured due to no award availability from CA on those TPAC segments.

These incidents, together with the one reported by MikeMpls (link attached below), revealed a bone-chilling scheme conspired by some award seat poachers in China:

MikeMpls's Post

People in this hemisphere may not be aware of how booming a business award seat scalping is in China right now. Due to the language and food preference, CA (Air China) F and C cabin award seats are in high demand from Chinese travelers. As such, award seat scalpers in China are constantly looking for TPAC award inventory for their clients and if they find no inventory available, they will create availability by themselves.

How? It is well known in China that TravelSky, the Chinese version of Amadeus, is fairly vulnerable when it comes to protecting Chinese travelers' information. Unfortunately, it is also the case that if anybody purchases a flight ticket in China (e.g., to travel on CA, MU, or CZ), your personal information may very likely already be compromised through TravelSky. My best guess is: by accessing TravelSky's database, these Chinese scalpers were able to locate passenger information (e.g., first and last name) as well as ticket information (e.g., PNR# and cabin) for any CA flights, even if the tickets are issued on 016 stock.

Now, how come only 016 stock tickets got cancelled by these scalpers, but not 037 (US) or 014 (AC) stock tickets? This is all thanks to the super easy and hassle-free online award booking management system of UA. United.com only requests two pieces of information from anybody in the world to accomplish a cancellation: PNR and last name, that's it.

Now UA has to do something to stop CA award seat poachers from China to protect MileagePlus members' award benefits. This shouldn't be a rocket science project; it simply means adding an additional layer of verification and security before anybody attempts to cancel a 016 stock award booking, such as allowing a booking to be cancelled online only when the account is logged in, or verifying the PIN code when it is cancelled through an agent.

UAInsider, your prompt reply to this issue will be very much appreciated. If you need those victims' information, please feel free to send me a PM. Thanks.
lewende is offline  
Old Apr 12, 14, 6:14 pm
  #58  
 
Join Date: Jun 2012
Location: BOS
Programs: BA GLD, A3 GLD, TK GLD, UA SIL, HILTON DIA, HYATT DIA, IHG PA, MR GLD, ACCOR PLT, SPG GLD
Posts: 86
Do you have any proof regarding this issue? It sounds like a doable theory, but you cannot just point the finger at someone and hope UA will do something (actually I do think they will do anything) regarding your issue.
pjf66 is offline  
Old Apr 12, 14, 6:19 pm
  #59  
 
Join Date: Jan 2010
Location: SAN
Posts: 147
That's horrible...

Such behavior is criminal...

@UAinsider, please forward this message and improve the necessary security verification when changing/cancelling tix...

For other FT folks, please pay attention to this. If no such verification is improved, you may suffer pains when your tickets are suddenly cancelled w/o your acknowledgement and nothing can be returned...
thinthin is offline  
Old Apr 12, 14, 6:19 pm
  #60  
 
Join Date: May 2000
Location: Houston, TX, USA
Programs: Bonvoy Platinum, AA Lifetime Platinum, UA Platinum, DL Platinum, HHonors Diamond
Posts: 7,624
If UA cares about this, they could contact the 3 alleged victims directly, and verify with each of them that they did not cancel the tickets. They can also look through their server logs to see if there is any commonality between where the cancellation requests are coming from (e.g. all from China, or all from the same VPN service to mask the actual location). If the alleged happenings actually happened, UA could be fairly certain of it by doing the above, without relying on just the word of the OP.
Steve M is offline  
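
The log review suggested in the post above (looking for commonality in where cancellation requests come from), sketched as an added example that is not part of the thread and is not UA's code. The record fields, sample rows, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample cancellation records; field names are assumptions,
# not a real United or SHARES log format. IPs are documentation ranges.
CANCELLATIONS = [
    {"pnr": "PNR001", "auth": "pnr+lastname", "ui_lang": "zh-CN",
     "acct_lang": "en-US", "src_ip": "203.0.113.10", "booking_ip": "198.51.100.7"},
    {"pnr": "PNR002", "auth": "pnr+lastname", "ui_lang": "zh-CN",
     "acct_lang": "en-US", "src_ip": "203.0.113.44", "booking_ip": "198.51.100.90"},
    {"pnr": "PNR003", "auth": "pnr+lastname", "ui_lang": "zh-CN",
     "acct_lang": "en-US", "src_ip": "203.0.113.200", "booking_ip": "192.0.2.15"},
    # Owner cancels while logged in, from the network used to book.
    {"pnr": "PNR004", "auth": "logged_in", "ui_lang": "en-US",
     "acct_lang": "en-US", "src_ip": "192.0.2.33", "booking_ip": "192.0.2.33"},
    # Owner cancels without logging in: one weak signal only.
    {"pnr": "PNR005", "auth": "pnr+lastname", "ui_lang": "en-US",
     "acct_lang": "en-US", "src_ip": "192.0.2.80", "booking_ip": "192.0.2.80"},
]

def signals(rec):
    """Return the reasons a cancellation looks unlike its account owner."""
    reasons = []
    if rec["auth"] != "logged_in":
        reasons.append("no account login")
    if rec["ui_lang"] != rec["acct_lang"]:
        reasons.append("site language differs from account language")
    if rec["src_ip"] != rec["booking_ip"]:
        reasons.append("source IP differs from booking IP")
    return reasons

def suspicious_clusters(records, prefix=24, min_signals=2, min_hits=2):
    """Group multi-signal cancellations by source network; keep repeated sources."""
    clusters = defaultdict(list)
    for rec in records:
        if len(signals(rec)) >= min_signals:
            net = ip_network(f"{rec['src_ip']}/{prefix}", strict=False)
            clusters[str(net)].append(rec["pnr"])
    return {net: pnrs for net, pnrs in clusters.items() if len(pnrs) >= min_hits}

if __name__ == "__main__":
    for net, pnrs in suspicious_clusters(CANCELLATIONS).items():
        print(net, pnrs)
```

A single weak signal (such as an owner cancelling without logging in) is not flagged; only cancellations with several signals that also share a source network are reported.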
