UA Hacked by Same Group that Hit US OPM
Aug 1, 2015, 1:33 pm
#46
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
The hackers in this case may not be particularly interested in booking flights with people's stash of miles. If they have been in the system for a year without detection, it seems that they had other motives than a quick sell of miles for money.
I wonder if the data stolen includes passport data. I assume that's part of the manifest information for international flights.
I wonder if the data stolen includes passport data. I assume that's part of the manifest information for international flights.
Aug 1, 2015, 1:41 pm
#47
Join Date: Oct 2006
Location: IAD
Programs: UA 1K 2MM, Hilton Diamond
Posts: 565
Tin Hat On
In May I had some fraudulent activity on my credit card in the US. Looks like someone cloned my card because the card never left me and it was used in NYC taxis etc.. anyway.. the weird thing was that all the fraudulent activity was done while I was out of the country. I had flown out of the country on United.The activity stopped when I arrived back in the country. It was really weird.
In May I had some fraudulent activity on my credit card in the US. Looks like someone cloned my card because the card never left me and it was used in NYC taxis etc.. anyway.. the weird thing was that all the fraudulent activity was done while I was out of the country. I had flown out of the country on United.The activity stopped when I arrived back in the country. It was really weird.
Aug 1, 2015, 1:57 pm
#48
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Interesting. Same thing thing happened to me - about a day after I landed in Australia, Chase shut off my Sapphire card after it was used at a grocery store in Texas. I figured it was the taxi ride from MEL to my hotel where they skimmed the card number, but maybe not. Probably coincidence but you never know.
Aug 1, 2015, 1:59 pm
#49
Join Date: Oct 2006
Location: IAD
Programs: UA 1K 2MM, Hilton Diamond
Posts: 565
Aug 1, 2015, 2:59 pm
#50
Join Date: Sep 2005
Location: JZRO
Posts: 9,169
My information was compromised in the Target breach, the Anthem breach, and the lesser-known City of Akron breach. What does one more breach matter?
Aug 1, 2015, 5:06 pm
#51
FlyerTalk Evangelist
Join Date: Dec 2006
Location: Pacific Northwest
Programs: UA Gold 1MM, AS 75k, AA Plat, Bonvoyed Gold, Honors Dia, Hyatt Explorer, IHG Plat, ...
Posts: 16,845
Are you not getting those emails from Chase (annoyingly sent from an account named "Chase Fraud Alert") that say:
As part of our continuous efforts to improve your experience with your Chase Sapphire® card, we've made an update to your account.
In the past, you may have notified us of your travel plans to ensure uninterrupted service while traveling. Because we value your business and your use of this card, you no longer need to provide us with your travel information.
Our fraud detection systems will continue to protect and monitor your account, and we may still decline charges that appear fraudulent.
Your account satisfaction and security is our priority. Should you need us while traveling, call the number on the back of your card anytime. Thank you for choosing Chase.
Sincerely,
Chase Card Services
In the past, you may have notified us of your travel plans to ensure uninterrupted service while traveling. Because we value your business and your use of this card, you no longer need to provide us with your travel information.
Our fraud detection systems will continue to protect and monitor your account, and we may still decline charges that appear fraudulent.
Your account satisfaction and security is our priority. Should you need us while traveling, call the number on the back of your card anytime. Thank you for choosing Chase.
Sincerely,
Chase Card Services
Aug 1, 2015, 6:00 pm
#52
Join Date: Mar 2011
Location: Colorado
Programs: Lifetime UA 1K, Lifetime Hilton Diamond, Lifetime Marriott Bonvoy Titanium
Posts: 1,261
While I agree that United's IT is a complete joke, it is almost impossible to prevent this level of hacking at any company. Just look at Chase - one server out of thousands missing a security patch enabled hackers to get into their core systems. Walls and encryption help, but will not prevent hacks. You need to monitor every activity and use analytics to find anomalies. All it takes is offering an admin that happens to be deep in debt hundred K$ and you will be in.
Aug 1, 2015, 7:24 pm
#53
Join Date: Apr 2000
Location: san antonio, texas
Programs: 3.2MM AA, 1.4MM UA,StwdLftPlt
Posts: 1,586
The hackers in this case may not be particularly interested in booking flights with people's stash of miles. If they have been in the system for a year without detection, it seems that they had other motives than a quick sell of miles for money.
I wonder if the data stolen includes passport data. I assume that's part of the manifest information for international flights.
I wonder if the data stolen includes passport data. I assume that's part of the manifest information for international flights.
Aug 1, 2015, 8:45 pm
#54
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
While I agree that United's IT is a complete joke, it is almost impossible to prevent this level of hacking at any company. Just look at Chase - one server out of thousands missing a security patch enabled hackers to get into their core systems. Walls and encryption help, but will not prevent hacks. You need to monitor every activity and use analytics to find anomalies. All it takes is offering an admin that happens to be deep in debt hundred K$ and you will be in.
Aug 7, 2015, 10:33 am
#55
Join Date: Jun 2004
Location: What I write is my opinion alone..don't read into it anything not written.
Posts: 9,686
Aug 7, 2015, 10:41 am
#56
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Yes, I got it and promptly ignored it. I'm not bothering with calling when I am trying to use the card, while I'm in the middle of Botswana or something. Much prefer to call, and notify, each card company. If one blocks it anyways, then I just use the other's.
Aug 7, 2015, 10:43 am
#57
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
Aug 7, 2015, 11:17 am
#58
Join Date: Oct 2012
Location: NYC
Programs: AADULtArer
Posts: 5,683
The email tells you Chase no longer does travel alerts. Ive been very happy with Chase with regards to international travel and fraud detection. Several times Ive been snagged, and they have communicated promptly and caught the fraud while still letting me use the card to get home.
Aug 7, 2015, 11:51 am
#59
Join Date: Feb 2009
Location: SEA
Programs: UA SP, DL SM MM, AS 75K, SPG Platinum, Hyatt Diamond.
Posts: 2,596
The email tells you Chase no longer does travel alerts. Ive been very happy with Chase with regards to international travel and fraud detection. Several times Ive been snagged, and they have communicated promptly and caught the fraud while still letting me use the card to get home.
Aug 7, 2015, 12:19 pm
#60
FlyerTalk Evangelist
Join Date: Mar 2010
Location: DAY
Programs: UA 1K 1MM; Marriott LT Titanium; Amex MR; Chase UR; Hertz PC; Global Entry
Posts: 10,159
From what I remember for my 2 Chase cards (United and Marriott), there is an automated system on the phone number which allows travel notifications to be entered. Just dates of travel, not destinations.
Within a day or two, I think they send an email saying we got the travel notice, but be aware that we may deny the charge anyway if we think something hinky is going on...(not an exact quote
)
Bottom line: I think it is just one piece of some type of algorithm which evaluates risk for the charge in progress. I always alert them of international travel as one piece of the puzzle in their system.
Back on topic: Has United really not released details about the data that was at risk and such? I haven't seen anything on the website. Seems pretty crappy not to have a statement about it.
Within a day or two, I think they send an email saying we got the travel notice, but be aware that we may deny the charge anyway if we think something hinky is going on...(not an exact quote
)Bottom line: I think it is just one piece of some type of algorithm which evaluates risk for the charge in progress. I always alert them of international travel as one piece of the puzzle in their system.
Back on topic: Has United really not released details about the data that was at risk and such? I haven't seen anything on the website. Seems pretty crappy not to have a statement about it.