Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

    Hide Wikipost
Old May 13, 14, 4:42 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: Pat89339
Wiki Link
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.

It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.

Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
  1. MikeMpls
  2. nihaoa
  3. lewende Reported 4 friends with this issue
  4. ordbkk
  5. twebst
  6. kb1992
  7. litesleeper
  8. zombietooth
  9. critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
  10. skyvanman Also 1 friend with the issue
  11. chris1234
  12. atiger29
  13. bubble o bill
  14. genemk2
  15. jefftiger
  16. CuddlyFlyer
  17. gpeso8
  18. imm2b
  19. acf1270
  20. dgxoxo
  21. ACM two passengers
Originally Posted by ordbkk View Post
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户

先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。

如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。

感谢您使用 united.com

电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: [email protected]

Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:

MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)

So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
Print Wikipost

Old Apr 14, 14, 12:38 pm
  #106  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,779
Originally Posted by kb1992 View Post
Why does UA spend such resource on keeping track of IP address of every single action on a PNR?

Don't they have other better things to do, such as improving their website?
Why not? If I were programming such a system I would certainly log it. Disk space is cheap. Audit trails are useful. It's not like a human does it.
Loren Pechtel is online now  
Old Apr 14, 14, 12:42 pm
  #107  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,779
Originally Posted by bmwe92fan View Post
So, assuming that the IP is part of the record sent to AC - would be really quite trivial to spoof that IP when cancelling - thus covering their tracks easily and making UA think the original person did it....
Yeah. I want to order one of your widgets, but I don't want you to figure out who got it.

Please ship it to -9 Bogus Way, Nowhere, Nostate, 00000, USA

Think that's going to do me any good?


(Hint: IP addresses are to the internet what postal addresses are to mail and package delivery. You don't spoof them if you want an answer. The only way to hide your IP address is to route your connection through some server that will retransmit it with their address and forward any replies to you--and you can only do that with a suitable system. You can't simply make somebody's machine do it unless you can first hack their machine and install the requisite software.)
Loren Pechtel is online now  
Old Apr 14, 14, 12:45 pm
  #108  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.5MM, AA 2MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 4,809
Originally Posted by Loren Pechtel View Post
Yeah. I want to order one of your widgets, but I don't want you to figure out who got it.

Please ship it to -9 Bogus Way, Nowhere, Nostate, 00000, USA

Think that's going to do me any good?


(Hint: IP addresses are to the internet what postal addresses are to mail and package delivery. You don't spoof them if you want an answer. The only way to hide your IP address is to route your connection through some server that will retransmit it with their address and forward any replies to you--and you can only do that with a suitable system. You can't simply make somebody's machine do it unless you can first hack their machine and install the requisite software.)
LOL when I lived in Japan I did it every day to watch ESPN sports and US news - it's so easy to do it's laughable...
bmwe92fan is online now  
Old Apr 14, 14, 6:49 pm
  #109  
 
Join Date: Mar 2012
Location: Boulder
Programs: AA Plat, CX Silver
Posts: 2,361
Originally Posted by bmwe92fan View Post
LOL when I lived in Japan I did it every day to watch ESPN sports and US news - it's so easy to do it's laughable...
Using a VPN is not the same as spoofing an IP address, it just hides yours.
txflyer77 is offline  
Old Apr 14, 14, 6:58 pm
  #110  
FlyerTalk Evangelist
 
Join Date: Mar 2012
Posts: 15,742
Originally Posted by Loren Pechtel View Post
The only way to hide your IP address is to route your connection through some server that will retransmit it with their address and forward any replies to you--and you can only do that with a suitable system. You can't simply make somebody's machine do it unless you can first hack their machine and install the requisite software.)
Suppose you and I are sitting in the same UC and are both using the Club's wifi (I'm making what I consider to be a safe assumption that the UC doesn't assign each device a public IP address.). I "observe" the PNR and name on a reservation you made. I then log in and use that information to change something in that reservation. Would the UA system not then record the same "public" IP address (presumably assigned to the Club's wifi) for both transactions?
kale73 is offline  
Old Apr 14, 14, 7:49 pm
  #111  
 
Join Date: Nov 2013
Location: NYC / TYO / Up in the Air
Programs: UA GS 1.5MM, AA 2MM, EK, BA, SQ, CX, Marriot LT, Accor P
Posts: 4,809
Originally Posted by txflyer77 View Post
Using a VPN is not the same as spoofing an IP address, it just hides yours.
I understand that too - my point was that if in 5 minutes a common person can figure out how to hide their location on the Internet completely from existing internet systems how hard can it be for trained professionals to fool UA systems if they really want to do it?

This is my background and education - it's not as hard as you may think....
bmwe92fan is online now  
Old Apr 14, 14, 9:57 pm
  #112  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,779
Originally Posted by bmwe92fan View Post
LOL when I lived in Japan I did it every day to watch ESPN sports and US news - it's so easy to do it's laughable...
Yeah, it's called a VPN.

The point is you can't just come up with some particular IP.
Loren Pechtel is online now  
Old Apr 14, 14, 9:59 pm
  #113  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,779
Originally Posted by kale73 View Post
Suppose you and I are sitting in the same UC and are both using the Club's wifi (I'm making what I consider to be a safe assumption that the UC doesn't assign each device a public IP address.). I "observe" the PNR and name on a reservation you made. I then log in and use that information to change something in that reservation. Would the UA system not then record the same "public" IP address (presumably assigned to the Club's wifi) for both transactions?
Yes, it would. That's why I asked where he was.
Loren Pechtel is online now  
Old Apr 14, 14, 10:00 pm
  #114  
FlyerTalk Evangelist
 
Join Date: Jun 2005
Posts: 36,779
Originally Posted by bmwe92fan View Post
I understand that too - my point was that if in 5 minutes a common person can figure out how to hide their location on the Internet completely from existing internet systems how hard can it be for trained professionals to fool UA systems if they really want to do it?

This is my background and education - it's not as hard as you may think....
Hide with a VPN, certainly. Spoof someone else's IP is quite another matter.
Loren Pechtel is online now  
Old Apr 14, 14, 10:21 pm
  #115  
A FlyerTalk Posting Legend
 
Join Date: Apr 2004
Location: GVA (Greater Vancouver Area)
Programs: DREAD Gold; UA 1.024MM; Bonvoy Au-197; PCC Elite+; CWC Au-197; CCC Select; WoH Dis
Posts: 51,052
Originally Posted by Tracer_SEA View Post
Have you tried a DL or even AA award booking recently?
Both, actually.
mahasamatman is offline  
Old Apr 14, 14, 10:21 pm
  #116  
 
Join Date: Mar 2012
Location: Boulder
Programs: AA Plat, CX Silver
Posts: 2,361
Originally Posted by bmwe92fan View Post
I understand that too - my point was that if in 5 minutes a common person can figure out how to hide their location on the Internet completely from existing internet systems how hard can it be for trained professionals to fool UA systems if they really want to do it?

This is my background and education - it's not as hard as you may think....
Mine too.

And probably a good chunk of FTers as well.
txflyer77 is offline  
Old Apr 17, 14, 10:51 pm
  #117  
 
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
Angry Disaster strikes: Reservation hacked?

I am very tired and very disappointed at the moment.

After United announced their big devaluation, we decided we should burn some miles and experience first class on a foreign carrier before it was too late. We booked a family trip to Beijing, Tokyo, and Kyoto on a mix of ANA and Air China metal. We booked the hotels & tours, time off from work, arranged sitter, etc.

That was 3 months ago. Tonight, I received an email from United that was entirely in Chinese. At first, I thought it was just your typical malware/phishing email but it referenced my name and PNR, so I called United to get the scoop. While waiting on hold, I pulled up United.com and our reservation was missing.

The United rep answers and informs me that I canceled my own reservation. I laughed and said no, I did not. We went back and forth like this for awhile, when finally she gave up and said well it doesn't matter anyway, let's see if we can book you a new reservation. After putting me on hold for 40 minutes, she comes back and says all of my original flights have no award space available. (ITA shows that paid space is available for ALL my flights, just not award space)

And at this point all they can offer me is a mix of United Business & First, on other dates or using alternate airports. This is incredibly disappointing.. I expected more as a very loyal United customer.

Does anybody have any suggestions for getting a better resolution to this mess?
ordbkk is offline  
Old Apr 17, 14, 10:56 pm
  #118  
 
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,626
Jeez, more of this?
mgcsinc is offline  
Old Apr 17, 14, 10:57 pm
  #119  
 
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
And FWIW, I work in IT security, so I know how to protect myself online.. nobody is completely untouchable but I'm probably far more secure than 99% of United accounts. None of my other reservations were touched, only this one. And access to your United account is not required to cancel a reservation, all you need is the PNR and last name, which I assume can be easily accessed by lots of people. Since the cancellation notice (I used Google Translate on the email) was in Chinese, I assume the cancellation request come from a United system in China. What are the chances Air China was hacked? Or this is related to heartbleed?

Last edited by ordbkk; Apr 17, 14 at 10:57 pm Reason: typo
ordbkk is offline  
Old Apr 17, 14, 10:57 pm
  #120  
 
Join Date: Jan 2003
Posts: 793
someone posted a VERY SIMILAR experience a few weeks ago. What is this all about? So sorry for what you have to go through now.
trust77 is offline  

Thread Tools
Search this Thread