UA-NYC

Still crickets from United on this issue. Bad form.

Flyloha

I actually received a call last week from the security department saying there was suspicious activity on my account and asked if I was trying to purchase Amazon gift cards which I was not. They hack had changed all of my personal information, login, and PIN. They were able to manually reset my PIN and have since changed my password and PIN.

About five days prior to the call from United about my MP account, my Chase Club Card was compromised and someone was trying to make online purchases at Walmart.com with my number. Not sure if they are related but find it interesting that it happened within a matter of days.

I will give credit to both UA and Chase for both contacting me via phone so I was able to get it resolved without really any harm being done besides having to get a new CC# and reseting everything in my MP account. Doesn't make up for the breach though.

1KChinito

I do not understand why UA cannot send us an email when a redemption occurs. I recently redeemed some AA miles on US, I received an email from AA within two hours of redemption. It is so much easier for everyone involved.

docbert

They likely do. The fraudsters will change the email address before redeeming, so one way or another you won't see it.

This is why some companies will send an email to your OLD email address when you change your contract details - so at least there's a chance you'll see something is wrong.

1KChinito

I have redeemed numerous award tickets with UA over the years, l have yet to receive one single email confirming my redemption.

It would be ideal if any change to my profile, UA would send me an email confirming the change like many companies. If there is an email change, an email will be send to both new and old email address. I bet in the long run, it would be much easier and cheaper for UA, not to mention less stress/surprise to passengers.

scottsam66

Purely baseless conjecture.
Yawn.

olouie

I just had my password and account stop working. Had to reset password. Wonder if it had anything to do with this.

Juggy007

So even after changing my password, I cannot login to my account. I think there's a broader issue with the website...

snowed

Got an email last night from someone in the fraud department.

1 million miles spent on MPshopping but most have now been returned.

New PIN, new password, no more username. Could have been worse.

I wonder who the third party is in this breach.

WineCountryUA

Where did you use the same username and password as had been on your UA account?
If folks listed that we could figure this out from the intersection of sites.

olouie

Hm... Login with MP number works now but not username or email.

snowed

Just got home and looked this up. The places with the same documented login/pass were:
- Award Nexus
- Register.com
- Flight Diary
- Flight Memory
- Flyer Talk
- MP Dining
- Open Flights

As this was my very first login/pass there are probably many other forgotten sites that also had it over the course of the past 10 years.

Anyone else see a pattern with their logins?

Based on their proactivity my bet is the breach occurred at MP Dining but that is all speculation on my part.

snowed

That is expected behavior even after resetting one's password/PIN/secquestion is reset.

PaulMCO

Just had a fraud alert on my Chase Visa MP card. This was the card associated with MP Dining. Wonder if there is a relation.

United did not lockout my MP account because I have different PW/PINS on these but will have to now monitor the other MP dining cards registered.

SychoSly

Has anyone else been having trouble logging into the UA MP account with their username? I keep getting an error stating:

! The MileagePlus number entered does not match our records, or, you have used a username or e-mail address. Sign-in using username or email is currently unavailable. Please try again using your MileagePlus number. If you’ve forgotten your information, please use one of the links below for help.

This has been going on since sometime last week for me.