Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

2014 UA Issued Awards on Air China (CA) Are Mysteriously Being Canceled (Hacked?)

    Hide Wikipost
Old May 13, 14, 4:42 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: Pat89339
Wiki Link
A number of folks with award flights booked on CA (Air China) found their reservations cancelled. The only notification of cancellation appears to be an email in from UA written in chinese. UA reps confirmed that cancellations were made online and CA award space was no longer available. UA can rebook on other flights when award space is available.

It is plausible that a third party with access to PNR and pax name on the flight can fraudulently cancel an existing itinerary and book the reopened award seat.

Affected FlyerTalk members — with links to where in this discussion they posted their experiences — include:
  1. MikeMpls
  2. nihaoa
  3. lewende Reported 4 friends with this issue
  4. ordbkk
  5. twebst
  6. kb1992
  7. litesleeper
  8. zombietooth
  9. critten Reported 2/3 confirmations (3 people CA Business class) cancelled at the same time
  10. skyvanman Also 1 friend with the issue
  11. chris1234
  12. atiger29
  13. bubble o bill
  14. genemk2
  15. jefftiger
  16. CuddlyFlyer
  17. gpeso8
  18. imm2b
  19. acf1270
  20. dgxoxo
  21. ACM two passengers
Originally Posted by ordbkk View Post
It seems everybody wants to see the message.. here was mine:
united.com 通知 - 航班预订取消
2014年4月17日 (星期四)
united.com | 优惠促销 | 预订 | 赢取前程万里 (MileagePlus®) 奖励里程 | 我的帐户

先生 ORDBKK
您的预订 MYRES123 已取消,我们已收到您的退款申请。申请信用卡退款需 7 个工作日。如果信用卡退款未在一个付款周期内寄出,请联系信用卡公司。对于包括现金退款在内的 所有其他形式 的付款,需要 20 个工作日。

如需详细信息或查看退款的状态,请访问 united.com 并提供您的机票号码。

感谢您使用 united.com

电子邮件信息
请不要使用“回复”地址回复此邮件。
此电子邮件中的信息仅供原接收人使用。
如果您遇到技术问题,请通过电子邮件或电话联系 united.com 服务支持。
通知:机票取消确认
电子邮件地址: [email protected]

Originally Posted by ordbkk View Post
For tracking purposes, I went through the 27 pages of this thread and compiled a list of those affected:

MikeMpls
nihaoa
lewende (reported 4 friends with this issue)
ordbkk
twebst
kb1992
litesleeper
zombietooth
critten
skyvanman (also 1 friend with the issue)
jefftiger (but, happened during October 2013)

So we're at 13 people affected, although some like critten have had multiple trips canceled.
From what I understand, all of these occurred in the last 3 weeks.
Print Wikipost

Old Apr 17, 14, 10:58 pm
  #121  
 
Join Date: Dec 2012
Location: YVR, HNL
Programs: AS 75k, UA peon, BA Bronze, AC E50k, HH Diamond, Fairmont Plat (RIP)
Posts: 7,429
Not another one? Check out this thread: United award tickets cancelled without my knowledge - data breach?

And this one http://www.flyertalk.com/forum/unite...l-chinese.html

In fact, mods should merge this into that thread so you can all help each other. I am really sorry to hear this, OP and hope they can help you. I am really worried about my own res for October. United has to deal with this and make it right. And they need to do it NOW!
Finkface is offline  
Old Apr 17, 14, 11:03 pm
  #122  
 
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
WOW, reading through those other posts, it's deja vu all over again. Has anyone pulled in UA Insider or another United employee to have this escalated?

If it's an Air China breech, I understand there's not much that UA can do about it.. but the rep I spoke to was very hostile and insisted that I canceled my own ticket. She had no explanation for the Chinese cancellation notice and refused to entertain any idea besides my own cancellation.
ordbkk is offline  
Old Apr 17, 14, 11:08 pm
  #123  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Plat
Posts: 60,079
Originally Posted by ordbkk View Post
... the rep I spoke to was very hostile and insisted that I canceled my own ticket. She had no explanation for the Chinese cancellation notice and refused to entertain any idea besides my own cancellation.
Call back and request to be connected to the fraud department (may need to wait until nominal business hours), escalate to a supervisor if needed.
WineCountryUA is offline  
Old Apr 17, 14, 11:42 pm
  #124  
 
Join Date: Oct 2012
Location: Chicago
Programs: UA 1k
Posts: 83
Ok, I will be calling UA first thing in the morning. If I strike out again, this seems like one of those issues that could benefit from some media attention. United.com is so insecure, on the eve of a family vacation you can have your reservations canceled by anonymous people in china, with United refusing to take responsibility.
ordbkk is offline  
Old Apr 17, 14, 11:48 pm
  #125  
A FlyerTalk Posting Legend
 
Join Date: Apr 2013
Location: PHX/SFO
Programs: AA EXP; AS 75K; WN A List; UA 1K 1MM; Hyatt Globalist; Marriott AMB; Hilton Diamond (Aspire)
Posts: 50,467
Originally Posted by ordbkk View Post
Ok, I will be calling UA first thing in the morning. If I strike out again, this seems like one of those issues that could benefit from some media attention. United.com is so insecure, on the eve of a family vacation you can have your reservations canceled by anonymous people in china, with United refusing to take responsibility.
They ought to be on notice of it by now. This is either the third or fourth report, all virtually identical, in the past two weeks.
Kacee is offline  
Old Apr 17, 14, 11:50 pm
  #126  
 
Join Date: Feb 2011
Location: SYD
Programs: UA 1MM GS
Posts: 254
Disaster strikes: Reservation hacked?

Stick with the facts you know: your res was cancelled and you didn't do it. The rest is UA's problem.

Just because the email re cancelation was in Chinese, means very little to assert someone from China did it.
Daniel-SYD is offline  
Old Apr 18, 14, 1:21 am
  #127  
 
Join Date: Nov 2011
Posts: 6,344
Wow, that's crazy.
yerffej201 is offline  
Old Apr 18, 14, 1:25 am
  #128  
Suspended
 
Join Date: May 2011
Location: SFO
Programs: UA 1K
Posts: 1,955
Did you check whether the Air China flight that you had booked is still operating, or has the whole flight been removed from the schedule?
DaviddesJ is offline  
Old Apr 18, 14, 1:51 am
  #129  
 
Join Date: Aug 2013
Location: LAS HNL
Programs: DL DM, 5.7 MM, UA 3.1 MM, MARRIOTT PLATINUM, AVIS FIRST, Amex Black Card
Posts: 4,479
This is about the third thread I've read about this on the UA forum in the past two weeks. UA web security needs to be notified. OP contact them ASAP with your PNR.

I hope your vacation is not ruined by UA's failure to resolve your problem.

Is there not a way for UA to find out what computer "cancelled" the flts? That might give a clue on why all these emails are in Chinese.

How many people not posting on FT is this happening to?
kettle1 is offline  
Old Apr 18, 14, 2:26 am
  #130  
 
Join Date: Nov 2010
Location: NYC
Programs: AA EXP, Hilton GLD, Marriott Plat, NEXUS/GE
Posts: 2,872
Originally Posted by ordbkk View Post
And FWIW, I work in IT security, so I know how to protect myself online.. nobody is completely untouchable but I'm probably far more secure than 99% of United accounts.
Given your account is protected by a 4-digit PIN (that I assume could be trivially socially engineered with a phone call), how are you "more secure than 99% of United accounts?"
FlyerChrisK is offline  
Old Apr 18, 14, 2:33 am
  #131  
FlyerTalk Evangelist
 
Join Date: Sep 2003
Location: HH Diamond, Marriott Platinum, IHG Gold, Hyatt something
Posts: 31,771
As I said in the other thread, I'd guess UA or Air China is the cause of these cancelations, rather than some rogue hacker canceling award flights.

Can a DOT complaint be filed for award tickets? It sees UA always pretends they're Sgt. Schultz.
Jaimito Cartero is offline  
Old Apr 18, 14, 2:34 am
  #132  
 
Join Date: Nov 2010
Location: NYC
Programs: AA EXP, Hilton GLD, Marriott Plat, NEXUS/GE
Posts: 2,872
Originally Posted by bmwe92fan View Post
So, assuming that the IP is part of the record sent to AC - would be really quite trivial to spoof that IP when cancelling - thus covering their tracks easily and making UA think the original person did it....
No, spoofing your IP on this is quite difficult. Absent hjiacking your ISP's traffic to/from a large swath of the internet, they'll be unable to get data back from United's severs necessarily to establish a connection to the United.com website.

While a VPN or other proxy obscures their IP, it still doesn't change the fact that the connection is going to be (likely) coming from a very different location (in the IP address-sense, not the geographic sense) than normal.

(Of course, your computer itself being compromised makes everything rather straightforward, but that's a different story.)
FlyerChrisK is offline  
Old Apr 18, 14, 3:22 am
  #133  
 
Join Date: Aug 2012
Programs: UA 1K/MM, CX Silver, LY TL, Marriot G
Posts: 806
Let's assume this suspicion is true - how would that help the fraudsters? We know that the released seat will not necessarily go back into award inventory, and certainly not immediately. So they would do a lot of work for no certain renumeration. Nice conspiracy theory, not very credible.

Seems more likely that someone (an airline perhaps) wants revenue seats to book, so they free some up in way that is harder for the airline to detect, because there will be no refunds payable (only by a partner, not by CA for example).
sabbasolo is offline  
Old Apr 18, 14, 4:07 am
  #134  
 
Join Date: Feb 2012
Programs: UA 1K, Marriott P, SPG G
Posts: 218
Originally Posted by ordbkk View Post
And FWIW, I work in IT security, so I know how to protect myself online.. nobody is completely untouchable but I'm probably far more secure than 99% of United accounts. None of my other reservations were touched, only this one. And access to your United account is not required to cancel a reservation, all you need is the PNR and last name, which I assume can be easily accessed by lots of people. Since the cancellation notice (I used Google Translate on the email) was in Chinese, I assume the cancellation request come from a United system in China. What are the chances Air China was hacked? Or this is related to heartbleed?
I am native in Chinese. Do u mind PM me the cancelation email just in case you might misread some of the information?

Sorry to hear your loss.
cyanchan15 is offline  
Old Apr 18, 14, 5:00 am
  #135  
 
Join Date: Nov 2003
Location: Philadelphia, PA, USA
Programs: United 1K (after 15 years GS) 3MM, Marriott LTTitanium
Posts: 557
SYD-PEK

Several weeks ago, in the middle of a Star Alliance RTW trip, I was informed that my SYD-PEK on CA was cancelled by UA two days after the reservation was made. After 20 minutes, I was put back on flight.
twebst is offline  

Thread Tools
Search this Thread