Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > United Airlines | MileagePlus
Reload this Page >

Anyone get suspicious login attempts recently? (United related)

Anyone get suspicious login attempts recently? (United related)

Old Jul 28, 20, 6:17 pm
  #1  
Original Poster
 
Join Date: Jan 2009
Location: Sugar Land, TX
Programs: United Premier Gold, United Club
Posts: 582
Anyone get suspicious login attempts recently? (United related)

Recently I got a recovery attempt from the middle east on my Google account (account recovery). I of course denied that request. Then I got an identity alert from a monitoring service that a password has been found/compromised. Unfortunately the site does not show even parts of the password so it was difficult for me to find out what logon was compromised and I did not want to change all my passwords. However it does show the length, so on a hunch I looked at my password vault. I actually found that the length I had used was unique, and found only one site that used it: my United account. I've since immediately change my password.

Since the login ID that they referenced in the ID alert was my email and not my FF number, I'm not sure how they got the password. Maybe I typed it in somewhere on an unsecure machine or it got captured from some other location or it got lifted from my clipboard unknowingly, though it's been a long time since I've used the United site because of the current situation so who knows where it came from.

Anyone recently notice any suspicious activity like this recently? I want to say it was a mistake on my part as of now, but just wanted to check. Looking at news reports the last reference to any reported breach was back in 2015. I have changed the password multiple times since then, and am fairly confident my older passwords were not the same length.

Last edited by quantumslip; Jul 28, 20 at 6:34 pm Reason: timeframe clarification
quantumslip is offline  
Old Jul 31, 20, 11:17 am
  #2  
RNE
 
Join Date: Sep 2005
Location: AKC
Posts: 8,477
Originally Posted by quantumslip View Post
Recently I got a recovery attempt from the middle east on my Google account (account recovery). I of course denied that request. Then I got an identity alert from a monitoring service that a password has been found/compromised. Unfortunately the site does not show even parts of the password so it was difficult for me to find out what logon was compromised and I did not want to change all my passwords. However it does show the length, so on a hunch I looked at my password vault. I actually found that the length I had used was unique, and found only one site that used it: my United account. I've since immediately change my password. Since the login ID that they referenced in the ID alert was my email and not my FF number, I'm not sure how they got the password. Maybe I typed it in somewhere on an unsecure machine or it got captured from some other location or it got lifted from my clipboard unknowingly, though it's been a long time since I've used the United site because of the current situation so who knows where it came from.
Let me see if I understand this. You do ***not*** have any knowledge that anyone ***actually*** attempted to or did access your United account, correct?
RNE is offline  
Old Jul 31, 20, 11:44 am
  #3  
Original Poster
 
Join Date: Jan 2009
Location: Sugar Land, TX
Programs: United Premier Gold, United Club
Posts: 582
Originally Posted by RNE View Post
Let me see if I understand this. You do ***not*** have any knowledge that anyone ***actually*** attempted to or did access your United account, correct?
My post was mainly focused on Google, and I only brought in United because of the password length (as mentioned in my post). I have not personally noticed any issues on my United account right now.
quantumslip is offline  
Old Jul 31, 20, 4:26 pm
  #4  
 
Join Date: Dec 2019
Posts: 35
Originally Posted by quantumslip View Post
My post was mainly focused on Google, and I only brought in United because of the password length (as mentioned in my post). I have not personally noticed any issues on my United account right now.
Because the login ID was your email and not your FF - I would be more willing to believe the password length is more of a coincidence than evidence that UA accounts have been compromised. Its far more likely that the masked password (***) was just a place holder or that the UI/visual display just happened to cut it off at the right length to match your password. (Its common for design elements to do things like that) If they specified the actual length in exact number form, and not by counting the masked characters - that may be a different story. I would change all passwords that use that email as a login.
random.parts is offline  
Old Jul 31, 20, 5:18 pm
  #5  
Original Poster
 
Join Date: Jan 2009
Location: Sugar Land, TX
Programs: United Premier Gold, United Club
Posts: 582
Originally Posted by random.parts View Post
Because the login ID was your email and not your FF - I would be more willing to believe the password length is more of a coincidence than evidence that UA accounts have been compromised. Its far more likely that the masked password (***) was just a place holder or that the UI/visual display just happened to cut it off at the right length to match your password. (Its common for design elements to do things like that) If they specified the actual length in exact number form, and not by counting the masked characters - that may be a different story. I would change all passwords that use that email as a login.
Looking at the alerts the length of the password is not fixed across all alerts but varies. I see the shorter ones from earlier alerts that are referencing sites and password on which I knew I used some pretty crappy passwords. As newer sites get hacked/compromised I'm starting to see more of the longer passwords show up in my alert list.

The email and not my FF being leaked did give me pause, but it could have been how the data was packaged for sale in the dark web. Either way I've already changed my United password, and will monitor the rest.
quantumslip is offline  
Old Jul 31, 20, 9:15 pm
  #6  
 
Join Date: Jan 2007
Location: Bellingham/Gainesville
Programs: UA-G MM, Priority Club Platinum, Avis First, Hertz 5*, Red Lion
Posts: 1,884
Originally Posted by quantumslip View Post
Looking at the alerts the length of the password is not fixed across all alerts but varies. I see the shorter ones from earlier alerts that are referencing sites and password on which I knew I used some pretty crappy passwords. As newer sites get hacked/compromised I'm starting to see more of the longer passwords show up in my alert list.

The email and not my FF being leaked did give me pause, but it could have been how the data was packaged for sale in the dark web. Either way I've already changed my United password, and will monitor the rest.
https://haveibeenpwned.com/

Use this site to check which of your accounts may have been compromised.

Use ublock origin to keep sites from uploading pii from your devices.
prestonh is offline  
Old Aug 2, 20, 12:51 pm
  #7  
RNE
 
Join Date: Sep 2005
Location: AKC
Posts: 8,477
As I tried to imply (apparently unsuccessfully) this thread is not UA related.
RNE is offline  
Old Aug 2, 20, 12:55 pm
  #8  
Moderator: United Airlines; FlyerTalk Evangelist
 
Join Date: Jun 2007
Location: SFO
Programs: UA Plat 1.85MM, Hyatt Discoverist, Marriott Plat/LT Gold, Hilton Silver, IHG Gold
Posts: 52,038
Originally Posted by RNE View Post
As I tried to imply (apparently unsuccessfully) this thread is not UA related.
If so, it will die a natural death (once there are no new posts) unless someone wants to suggest a better forum
WineCountryUA is offline  

Thread Tools
Search this Thread
Search Engine: