UA-NYC

Not equivalent - I can still use my username to log into AA.com. Maybe AA only disabled that ability for those affected.

Meanwhile, UA disables it for everyone, and has zero communication about it

Happy

Does anyone get this message when attempt to log in United site?

(username and e-mail address sign-on are currently unavailable)

It allows me to log in with MP number and PIN but why it disables the username / password function? I dont remember my MP number, besides this is very insecure. Our accounts are always using username / password from the day with CO.

Or this is a known glitch that I am just not aware of? Anyway to fix it?

EDIT
I cannot even find a web support tel number to call. The UA website directs me to an online email submission form!!!

dll

AA has apparently limited the fix to those with affected accounts. In those cases, including mine, an entirely new duplicate account with a new account number was created. They're in the process of remapping all account info to match it up.

Mind you, we've not had any official communication from AA on this either, only what has been reported in the media. No other follow up. UA and AA haven't entirely impressed me on this issue.

UA-NYC

Both could be more forthcoming, I agree with you on that.

I just see AA using a smart scalpel, and UA using a big, dumb hammer.

Happy

Can we set a password with the MP number, so we dont need to use the 4 digits PIN? Still a pain to use the MP number as it is not one easy to remember. We never link it to anything other then occasional car rentals and hotel bookings.

Just how it can improve the security when UA was hacked last year on accounts that used MP number and PIN to log in?

My friend got 300K balance wiped out from his account for redeeming MacAir and iPad shipped to a warehouse address at LA Port. He found this out when his account was locked. MP CS dept told him what happened but the orders were detected and canceled by MP then locked his account which was restored with everything after 48 hours but he was told to switch to username and password as log in method.

Anyone remember last year people's tickets with Air China premium cabin award flights were canceled by someone in China logged in UA site with MP number and canceled those tickets?

Now we are forced to go back the highly insecure method of MP number and PIN?

This is beyond ridiculous.

No communication whatsoever, not even a banner announcement on the home page.

Still cannot find Web Support tel number on UA site.

Happy

Same here. Never receive any email on redemption / account profile change email alerts.

Both AA and SPG sends such alerts. Any tiny bit touching the SPG profile now tricks an email alert.

Bonehead

Not sure how smart AA is, because leaving the username/password login option available would seem to fail to plug the hole.

altbg

I am not sure if this is related or not, but I just noticed last night that my primary email address that is associated with my MP account was changed to one that ended in @inbox.com. My actual email address that I have been using for years was suddenly listed as a secondary address.

Has anyone else noticed something similar?

mgcsinc

I would get in touch with UA...

ILcoflyer

Why do people keep assuming that the breach was from a website that United does business with? Many people, myself included, use the same username and password for multiple websites, not just ones associated with United, for which I should know better. All that needs to happen is for any site, for which you use the same username and password as United, to be hacked, and then the perpetrators can go out and attempt to log into a variety of sites, whether it be airline, banking, or retail, with those credentials and see if they can get a hit. If they do, voila, they have free miles or money at their disposal. The best way to keep this from happening is to set up unique usernames and/or, at the very least, passwords for every site for which you have an account. United is simply trying to help stop this issue by disabling username logins. Your password will still work, but you should probably change those also, in case your MP account is stored anywhere else that a hacker might find it.

iquitos

Which perfectly characterizes united's approach to IT. Big hammer.

Bonehead

Here's what one poster said on in the AA hacking thread:

I would think that, at a minimum, AA would do what United has done: "(username and e-mail address sign-on are currently unavailable)"

Also, AA automatically allows for the use of one's email and password to log in, which I think is less secure than even a username. They also have some really cranky folks because AA is assigning new AAdvantage numbers to those who have had account issues during this latest hacking episode.

I think UA has better login security and has had a better response to this than AA.

abaheti

Does AA also allow (ie: FORCE) you to allow use of a simple 4 digit PIN (even if you want to use a proper password)? I wiped mine twice only to be forced by UA phone agents to create a pin.

Bonehead

They only have the password provision, as far as I know. There really is no issue with the PIN, however, because one's account gets locked out after about three failed login attempts. I know from personal experience...

UA-NYC

Nope! Not at all.