Very easy for an inside job to pass details to an outside source. Membership number, email address, password etc.
I don't quite understand the lack of action. Account had been hacked and flights booked and flown. You have the passport details of the person taking the flight. Did they purchase a flight from some dodgy website that uses stolen points to book flights? Did they book it themselves.
Solution is simple. Set-up a do not fly register and all airlines adhere to it. Do not let these people fly again unless they provide all the details.
A few weeks back I found someone had booked a $480 Jetatar flight using my 28 Degrees card. None of my details were hacked so how did they get past authentication? Has to be some sort of inside job. I called Jetstar before calling Latitude and flight had not yet been taken and I hope Jetstar cancelled that booking.
