Suspended MP Accounts / Username Access Disabled / 3rd Party Security Breach-Dec 2014
#106
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,166
AP story about this hit the wires half an hour ago.
https://finance.yahoo.com/news/2-air...--finance.html
AA also affected. AA also offering credit monitoring services to those affected.
https://finance.yahoo.com/news/2-air...--finance.html
AA also affected. AA also offering credit monitoring services to those affected.
Meanwhile, UA disables it for everyone, and has zero communication about it
#107
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,740
(username and e-mail address sign-on are currently unavailable)
Does anyone get this message when attempt to log in United site?
(username and e-mail address sign-on are currently unavailable)
It allows me to log in with MP number and PIN but why it disables the username / password function? I dont remember my MP number, besides this is very insecure. Our accounts are always using username / password from the day with CO.
Or this is a known glitch that I am just not aware of? Anyway to fix it?
EDIT
I cannot even find a web support tel number to call. The UA website directs me to an online email submission form!!!
(username and e-mail address sign-on are currently unavailable)
It allows me to log in with MP number and PIN but why it disables the username / password function? I dont remember my MP number, besides this is very insecure. Our accounts are always using username / password from the day with CO.
Or this is a known glitch that I am just not aware of? Anyway to fix it?
EDIT
I cannot even find a web support tel number to call. The UA website directs me to an online email submission form!!!
Last edited by Happy; Jan 13, 2015 at 10:11 am
#108
Join Date: Jun 2001
Location: LAX
Programs: AA Gold (prev. Ex Plat for 10 years); DL Plat; UA Gold; Hilton Diamond
Posts: 2,338
Mind you, we've not had any official communication from AA on this either, only what has been reported in the media. No other follow up. UA and AA haven't entirely impressed me on this issue.
#109
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,166
I just see AA using a smart scalpel, and UA using a big, dumb hammer.
#110
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,740
Can we set a password with the MP number, so we dont need to use the 4 digits PIN? Still a pain to use the MP number as it is not one easy to remember. We never link it to anything other then occasional car rentals and hotel bookings.
Just how it can improve the security when UA was hacked last year on accounts that used MP number and PIN to log in?
My friend got 300K balance wiped out from his account for redeeming MacAir and iPad shipped to a warehouse address at LA Port. He found this out when his account was locked. MP CS dept told him what happened but the orders were detected and canceled by MP then locked his account which was restored with everything after 48 hours but he was told to switch to username and password as log in method.
Anyone remember last year people's tickets with Air China premium cabin award flights were canceled by someone in China logged in UA site with MP number and canceled those tickets?
Now we are forced to go back the highly insecure method of MP number and PIN?
This is beyond ridiculous.
No communication whatsoever, not even a banner announcement on the home page.
Still cannot find Web Support tel number on UA site.
Just how it can improve the security when UA was hacked last year on accounts that used MP number and PIN to log in?
My friend got 300K balance wiped out from his account for redeeming MacAir and iPad shipped to a warehouse address at LA Port. He found this out when his account was locked. MP CS dept told him what happened but the orders were detected and canceled by MP then locked his account which was restored with everything after 48 hours but he was told to switch to username and password as log in method.
Anyone remember last year people's tickets with Air China premium cabin award flights were canceled by someone in China logged in UA site with MP number and canceled those tickets?
Now we are forced to go back the highly insecure method of MP number and PIN?
This is beyond ridiculous.
No communication whatsoever, not even a banner announcement on the home page.
Still cannot find Web Support tel number on UA site.
Last edited by Happy; Jan 13, 2015 at 10:58 am
#111
FlyerTalk Evangelist
Join Date: Jul 2003
Location: Florida
Posts: 29,740
I have redeemed numerous award tickets with UA over the years, l have yet to receive one single email confirming my redemption.
It would be ideal if any change to my profile, UA would send me an email confirming the change like many companies. If there is an email change, an email will be send to both new and old email address. I bet in the long run, it would be much easier and cheaper for UA, not to mention less stress/surprise to passengers.
It would be ideal if any change to my profile, UA would send me an email confirming the change like many companies. If there is an email change, an email will be send to both new and old email address. I bet in the long run, it would be much easier and cheaper for UA, not to mention less stress/surprise to passengers.
Both AA and SPG sends such alerts. Any tiny bit touching the SPG profile now tricks an email alert.
#112
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
#113
Join Date: Jul 2012
Location: SF Bay Area, CA
Posts: 337
I am not sure if this is related or not, but I just noticed last night that my primary email address that is associated with my MP account was changed to one that ended in @inbox.com. My actual email address that I have been using for years was suddenly listed as a secondary address.
Has anyone else noticed something similar?
Has anyone else noticed something similar?
#114
Join Date: Aug 2011
Programs: UA 1K
Posts: 8,634
I am not sure if this is related or not, but I just noticed last night that my primary email address that is associated with my MP account was changed to one that ended in @inbox.com. My actual email address that I have been using for years was suddenly listed as a secondary address.
Has anyone else noticed something similar?
Has anyone else noticed something similar?
#115
Join Date: Jan 2015
Programs: UA, DL, AA, US
Posts: 2
Why do people keep assuming that the breach was from a website that United does business with? Many people, myself included, use the same username and password for multiple websites, not just ones associated with United, for which I should know better. All that needs to happen is for any site, for which you use the same username and password as United, to be hacked, and then the perpetrators can go out and attempt to log into a variety of sites, whether it be airline, banking, or retail, with those credentials and see if they can get a hit. If they do, voila, they have free miles or money at their disposal. The best way to keep this from happening is to set up unique usernames and/or, at the very least, passwords for every site for which you have an account. United is simply trying to help stop this issue by disabling username logins. Your password will still work, but you should probably change those also, in case your MP account is stored anywhere else that a hacker might find it.
#116
Join Date: Sep 2009
Location: iad/dca
Programs: UA Million Mile Gold, Club, AA, Delta, Marriott, Hertz G, A/Club
Posts: 1,106
#117
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
Here's what one poster said on in the AA hacking thread:
I would think that, at a minimum, AA would do what United has done: "(username and e-mail address sign-on are currently unavailable)"
Also, AA automatically allows for the use of one's email and password to log in, which I think is less secure than even a username. They also have some really cranky folks because AA is assigning new AAdvantage numbers to those who have had account issues during this latest hacking episode.
I think UA has better login security and has had a better response to this than AA.
I would think that, at a minimum, AA would do what United has done: "(username and e-mail address sign-on are currently unavailable)"
Also, AA automatically allows for the use of one's email and password to log in, which I think is less secure than even a username. They also have some really cranky folks because AA is assigning new AAdvantage numbers to those who have had account issues during this latest hacking episode.
I think UA has better login security and has had a better response to this than AA.
#118
Join Date: Oct 2011
Location: BUR / LAX
Programs: UA MM/Gold; WN A-list; HH something depending; Marriott Gold
Posts: 1,546
Does AA also allow (ie: FORCE) you to allow use of a simple 4 digit PIN (even if you want to use a proper password)? I wiped mine twice only to be forced by UA phone agents to create a pin.
#119
FlyerTalk Evangelist
Join Date: Jun 2003
Location: DEN
Programs: UA MM Plat; AA MM Gold; HHonors Diamond
Posts: 15,866
They only have the password provision, as far as I know. There really is no issue with the PIN, however, because one's account gets locked out after about three failed login attempts. I know from personal experience...
#120
FlyerTalk Evangelist
Join Date: Apr 2008
Location: LGA/JFK/EWR
Programs: UA 1K1.75MM, Hyatt Globalist, abandoned Marriott LTT (RIP SPG), Hertz PC
Posts: 21,166