Suspended MP Accounts / Username Access Disabled / 3rd Party Security Breach-Dec 2014
Dec 30, 2014, 9:37 pm
#62
Join Date: Sep 2012
Location: SFO (San Fran)
Programs: United, Hilton (Diamond), Marriott Elite
Posts: 75
Same. So they {messed} up with their Mileageplus Dining program with a password leak, didn't inform anybody, and now are warning everybody? What kind of crappy security is this? On hold for 30 minutes for a supervisor to help reset the pw. 
Last edited by WineCountryUA; Dec 30, 2014 at 10:05 pm Reason: Using symbols, spaces or other methods to mask vulgarities is not allowed. http://www.flyertalk.com/help/rules.php#offensive
Dec 31, 2014, 8:05 am
#63
Join Date: Apr 2004
Posts: 126
The letter they sent me was very clear -- I screwed up and used the same e-mail address (I didn't have a username set) and password on a million sites and some bad guys figured that out.
UA looked out for me -- I'm not sure what there is to complain about?
Dec 31, 2014, 9:16 am
#64
Join Date: Oct 2009
Location: South Carolina
Programs: UA LT Gold, American Kettle, Hertz #1 Presidents Circle, Marriott LT Platinum
Posts: 927
It took about 20 minutes on the phone with MP Service Center to get things re-activated. I was told a manager had to get involved. Had to listen to the stupid music loop forever. It got really old hearing the same 30? 45? seconds of sound clip.
I got the email after I had already gotten my account unlocked. The headers have a 12/30 16:09:20 (GMT -05:00) timestamp in them, which was a couple of hours after I had dealt with the issue.
Last edited by drowelf; Dec 31, 2014 at 9:23 am Reason: Add info on when I received the email.
Dec 31, 2014, 9:53 am
#65
Join Date: Apr 2012
Location: Chicago
Posts: 245
The only reference I can see to the dining program is complete conjecture by someone who is (like the rest of us) uninformed.
The letter they sent me was very clear -- I screwed up and used the same e-mail address (I didn't have a username set) and password on a million sites and some bad guys figured that out.
UA looked out for me -- I'm not sure what there is to complain about?
The letter they sent me was very clear -- I screwed up and used the same e-mail address (I didn't have a username set) and password on a million sites and some bad guys figured that out.
UA looked out for me -- I'm not sure what there is to complain about?
I didn't get the email until a day after I already fixed it with their CS people when I couldn't log in? It was a full ten days after other people originally started getting the emails? That is quite a slow response. Honestly, I shouldn't learn about something like this by reading a forum before the company notifies me.
I don't know if it was the dining club login changeover or not, but the two events seem to have occurred close together. I have my own issues with the dining club - it seems they never capture my dines.
Dec 31, 2014, 10:07 am
#66
Join Date: Jul 2012
Posts: 1
i got the notice, and what’s even more frustrating is that when I called the number they told me to call, nobody had any idea what was going on. They kept transferring me to different departments and supervisors, each of whom asked me to repeat the same information, then said “oh, i need to transfer you to somebody else to handle this”, only then to have the whole process begin again. After about a half hour on hold, I gave up and hung up. What’s more, most of these agents appeared to be from overseas, and didn’t have great language skills. Not a good way to handle a crisis!
Dec 31, 2014, 10:24 am
#67
Moderator: Smoking Lounge; FlyerTalk Evangelist
Join Date: Feb 2004
Location: SFO
Programs: Lifetime (for now) Gold MM, HH Gold, Giving Tootsie Pops to UA employees, & a retired hockey goalie
Posts: 28,878
Dec 31, 2014, 10:52 am
#68
Join Date: Apr 2004
Posts: 126
i got the notice, and what’s even more frustrating is that when I called the number they told me to call, nobody had any idea what was going on. They kept transferring me to different departments and supervisors, each of whom asked me to repeat the same information, then said “oh, i need to transfer you to somebody else to handle this”, only then to have the whole process begin again. After about a half hour on hold, I gave up and hung up. What’s more, most of these agents appeared to be from overseas, and didn’t have great language skills. Not a good way to handle a crisis!
It took me 1 hour and 57 minutes to get reset but only took 1 transfer. I am guessing they are re-setting a lot of accounts, which is sad. But I still don't think it's their fault based on the language in the letter.
Dec 31, 2014, 10:56 am
#69
Join Date: Apr 2004
Posts: 126
Just checked and Data Breach today wrote about it. Looks like I was right. Don't use the same password for your Mileage Plus account or become a victim of your own stupidity like me
http://www.databreachtoday.com/fraud...-fliers-a-7730
Starting around Dec. 9, the intruders attempted to access the accounts using the usernames and passwords obtained elsewhere, "since many people use the same username and password for multiple accounts and websites," United says.
Dec 31, 2014, 6:07 pm
#70
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 12,028
Nope.
That change led to one of the weirdest encounters I ever had on FT. I noted that some kiosks had begun obfuscating the MP number, and a poster accused me of lying. So then I posted a picture and the person accused me of photoshopping it. It was surreal.
Anyway, all mechanisms for retrieving a BP now remove most of the MP number.
That change led to one of the weirdest encounters I ever had on FT. I noted that some kiosks had begun obfuscating the MP number, and a poster accused me of lying. So then I posted a picture and the person accused me of photoshopping it. It was surreal.
Anyway, all mechanisms for retrieving a BP now remove most of the MP number.
Dec 31, 2014, 6:43 pm
#71
Join Date: Apr 2014
Posts: 121
Just checked and Data Breach today wrote about it. Looks like I was right. Don't use the same password for your Mileage Plus account or become a victim of your own stupidity like me
http://www.databreachtoday.com/fraud...-fliers-a-7730
http://www.databreachtoday.com/fraud...-fliers-a-7730
Jan 3, 2015, 12:32 am
#73
Join Date: Aug 2010
Location: IAD
Programs: UA 1P
Posts: 41
UA.com Login Change - No more e-mail?
Anyone know what's up with UA suddenly disallowing e-mail address as login for both UA.com and the mobile app? Since the merger they started changing all the text to say the login is your mileage plus account number (letters/number) but continued to allow the e-mail address. It seems sometime last week that got killed off. I suppose I am just curious if anyone had any additional insight. Logging in with the e-mail address was so much easier than needing to write down or otherwise remember the random account number.
Jan 3, 2015, 12:43 am
#74
A FlyerTalk Posting Legend
Join Date: Apr 2013
Location: PHX
Programs: AS 75K; UA 1MM; Hyatt Globalist; Marriott LTP; Hilton Diamond (Aspire)
Posts: 56,448
Yes this was discussed in three recent threads, summarized here: Moderator Note.
Jan 3, 2015, 12:55 am
#75
Join Date: Aug 2010
Location: IAD
Programs: UA 1P
Posts: 41
Ahh thanks.. there's zillion posts a day so searching didn't turn it up. The moderate note doesn't exactly address it and it takes a lot of digging through the post it links to in order to get to the point. I was aware of the breach issue but didn't get an e-mail, which would be a normal thing to do when drastically changing login procedures. If they find that solution effective, then more power to them but large website database dumps have been happening non-stop for years. I guess they finally notice the brute force attempts being turned on against united.com. The real problem is with people re-using passwords but ultimately the headache is for United so I guess I can identify with that.