IHG Rewards Account HACKED

Status
Not open for further replies.
cosi

cosi

Active Member
AFF Supporter
Joined
May 29, 2009
Posts
653
Accidentally discovered this morning, my account has been hacked and 135,000 points withdrawn.

6 x 20,000 Redemptions
1 x 15,000 Redemption

This happen over several days, but prior to the above, the "hacker" tested the system by making 4 x30,000 redemptions and then immediately cancelling them. (Wish I had taken a screen shot before calling the IHG Club whom have now frozen my account for 3-5 working days pending an investigation).

Have now been issued a new account number and new pin.

Anybody else had their hotel loyalty account hacked?
 
cosi said:
Accidentally discovered this morning, my account has been hacked and 135,000 points withdrawn.

6 x 20,000 Redemptions
1 x 15,000 Redemption

This happen over several days, but prior to the above, the "hacker" tested the system by making 4 x30,000 redemptions and then immediately cancelling them. (Wish I had taken a screen shot before calling the IHG Club whom have now frozen my account for 3-5 working days pending an investigation).

Have now been issued a new account number and new pin.

Anybody else had their hotel loyalty account hacked?
Click to expand...

Commiserations.
I may not have a sufficiently criminal mind, but it would seem the only way for the thief to profit is if they on-sell the reservation (they obviously can't just turn up themselves).
Hoping it's just a stuff-up

EDIT: worked out itunes giftcards are probably reasonably liquid
 
That's not good.

Did they redeem hotel nights or gift cards as mentioned by andye?
 
This is what puts me off using those really handy reward account wallet products. I'm sure their security isn't as good as I would like... not suggesting that was the case here.
 
cosi said:
Accidentally discovered this morning, my account has been hacked and 135,000 points withdrawn.

6 x 20,000 Redemptions
1 x 15,000 Redemption

This happen over several days, but prior to the above, the "hacker" tested the system by making 4 x30,000 redemptions and then immediately cancelling them. (Wish I had taken a screen shot before calling the IHG Club whom have now frozen my account for 3-5 working days pending an investigation).

Have now been issued a new account number and new pin.

Anybody else had their hotel loyalty account hacked?
Click to expand...

Happened to me earlier this year, 300,000 + points hacked and used to purchase an iPad.
I perservered, found out where it was being delivered to, googled the place, looked on streetview and even saw the house it was being delivered to ( in Florida USA ) (I am in Victoria - Australia) contacted the local Police there - not interested, told me to contact the Police in victoria who would escalate etc as the offence had been committed here ( it had not, it had been hacked in the US )

I told the police there that if he/she was doing it to me they were probably doing it to someone else and they might catch a crook by following up - NOT EVEN HALF INTERESTED !!

Luckily I had got to IHG in time to stop the delivery of the IPad as IHG send an email when points are redeemed and I checked it out when I got home from work the same day. They referred it to their fraud department and I kept on them for nearly a fortnight and finally got a new account and my points back. The problem is the 4 digit pin, same as Qantas
 
sumthinfornuthin said:
Happened to me earlier this year, 300,000 + points hacked and used to purchase an iPad.
I perservered, found out where it was being delivered to, googled the place, looked on streetview and even saw the house it was being delivered to ( in Florida USA ) (I am in Victoria - Australia) contacted the local Police there - not interested, told me to contact the Police in victoria who would escalate etc as the offence had been committed here ( it had not, it had been hacked in the US )

I told the police there that if he/she was doing it to me they were probably doing it to someone else and they might catch a crook by following up - NOT EVEN HALF INTERESTED !!

Luckily I had got to IHG in time to stop the delivery of the IPad as IHG send an email when points are redeemed and I checked it out when I got home from work the same day. They referred it to their fraud department and I kept on them for nearly a fortnight and finally got a new account and my points back. The problem is the 4 digit pin, same as Qantas
Click to expand...

Pathetic response from a regulatory authority.

Regardless of where the complaint comes from or how insignificant or unrealistic it appears, you check the relevant database for history and log it. You work with diligence and collaboratively with ALL state, national and international affiliates. A reference or file number should have been provided to you. The name of the investigation officer at the very least. There is ALWAYS a point of contact.

There is always an option to escalate the matter. Contact the local ombudsman, politicians or reviewing authorities to ensure protocols were adhered to.

To not act on what may be considered credible information is lol.
 
Exclusive offer: Citi Prestige Credit Card
EXCLUSIVE OFFER - Offer expires: 20 Jan 2025

- Earn up to 200,000 bonus Velocity Points*
- Enjoy unlimited complimentary access to Priority Pass lounges worldwide
- Earn up to 3 Citi reward Points per dollar uncapped

*Terms And Conditions Apply

AFF Supporters can remove this and all advertisements

UPDATE

No email was received re points being used for redemption of anything.

After 5 days, and several emails, points were reinstated with an apology from IHG.

So, all good
 
cosi said:
UPDATE

No email was received re points being used for redemption of anything.

After 5 days, and several emails, points were reinstated with an apology from IHG.

So, all good
Click to expand...

email address
Apologies, my error...the email actually said that my email address had been altered and an advice had been sent to the old = me. bit the same as when you transfer shares on the ASX etc, that was how I picked it up
 
Can I pose this question here, given the relevance ...

How many points should one have in their account, before the risk of theft becomes too high ??

Eg. A million ??, 500k ??, or is just 100k getting too risky to let sit there for months at a time ??
 
I have close to 600,000 points. I am not sure there is any risk of my points being stolen. I do check regularly.
 
grounded said:
This is what puts me off using those really handy reward account wallet products. I'm sure their security isn't as good as I would like... not suggesting that was the case here.
Click to expand...

As long as people keep checking their accounts while connecting to airport/hotel wifi they are pretty much automatically endangering their accounts. It does not matter if you are using a 4 digit point of a 25 letter passphrase, if you sending it in the clear, almost anyone can read it*.

*I work in IT security.

Here's what an eavesdropper sees when you use an unsecured Wi-Fi hotspot | PCWorld
 
I just renewed my Ambassador membership and received the confirmation email with my account number and PIN stated clearly on it side by side, should I wish to log in!
 
SandyS said:
I just renewed my Ambassador membership and received the confirmation email with my account number and PIN stated clearly on it side by side, should I wish to log in!
Click to expand...

I just joined Ambassador and received the same. Great security NOT! Will be sending an email this afternoon to IHG.
 
I think a lot of hacking is in the form of phishing emails designed to look like they're from a legit source so never click on any links provided in an email no matter how genuine looking and instead open up a new browser window and login from the official site of bank, frequent flyer program, ebay, paypal whatever.

Rick93 said:
Can I pose this question here, given the relevance ...

How many points should one have in their account, before the risk of theft becomes too high ??

Eg. A million ??, 500k ??, or is just 100k getting too risky to let sit there for months at a time ??
Click to expand...

What I would like to see is airline and hotel frequent traveller programs giving you the ability to permanently delete the reward option for selecting itunes gift cards or ordering electronics etc ie once that option is gone, not being able to reinstate it.

SandyS said:
I just renewed my Ambassador membership and received the confirmation email with my account number and PIN stated clearly on it side by side, should I wish to log in!
Click to expand...

So if somebody hacked into your email they could easily search for the info they needed and bingo.

grounded said:
This is what puts me off using those really handy reward account wallet products. I'm sure their security isn't as good as I would like... not suggesting that was the case here.
Click to expand...

Both myself and SO have used Award Wallet for several years incident free (touch wood). The IHG 'security' sounds like a hackers dream come true.
 
Status
Not open for further replies.

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

Total: 203 (members: 9, guests: 194)
Back
Top