Qantas ff account hacked

[JohnK]

I cut and paste my post in case I get logged out.

Sometimes when you login again after you think you've lost your post it will prompt you to reinstate your post.

Force of habit using Ctl+C before hitting "Submit Reply". Used to have dodgy mobile broadband connection that cut out regularly.

 

[OATEK]

Force of habit using Ctl+C before hitting "Submit Reply". Used to have dodgy mobile broadband connection that cut out regularly.

Ctrl-A to highlight all the text in the box, and then Ctrl-C?

 

[G00r]

Do you use Lastpass to login to this forum?

I do, but I also have the 'remember me' box ticked. And although it would help you out, as others have suggested, there may be other issues plaguing you

 

[ayebee]

Hi all,
It has already been said, but hoping the more who say it helps ...
I agree it is time Qantas implements a more secure password arrangement. A simple 4 digit PIN just does not cut it any more.
Qantas recognises the value of the loyalty program contribution to its business, and this value is linked to the security of the accumulated points.

 

[snooksy]

This just happened to me. I checked my account late last night and noticed around ~100k points were missing from my account. I called Qantas straight away but was told they can't do anything until next week. The hackers gained access on Wednesday and set up a false yahoo email address in my name. They then transferred ~100k points for woolworths gift vouchers. Unfortunately if Qantas could act quickly then they could possibly cancel the vouchers and prevent them being cashed. If they wait until next week then it's probably too late.

I wasn't happy as I was saving up points to visit my partner overseas in a few months. At this stage I'm just worried I won't get the points back. I agree with previous posters that Qantas really really needs to increase the security on their accounts. With all the points in the accounts people use them like bank accounts to save for travel expenses. I think Qantas should require SMS verification for any purchases on the site and only allow changing phone number once phone number verified and a series of security questions answered over the telephone.

I would suggest to everyone that if you have high points balance you care about then best to check your balance very regularly!

I'll update next week once I speak to Qantas some more.

 

[BacchusMarsh]

I wasn't happy as I was saving up points to visit my partner overseas in a few months. At this stage I'm just worried I won't get the points back.

You'll get the points back.

 

[samh004]

I've had points stolen. You sign a stat dec and they give you the points back. Usually vouchers aren't instant anyway so they can stop them and even if they do provide them to the hackers, it wouldn't be hard beyond that to cancel and/or find out who used the vouchers. Possession of stolen property and all.

 

[Sdtravel]

I would suggest to everyone that if you have high points balance you care about then best to check your balance very regularly!

Its funny, i end up checking my balance ever few days. Not specifically incase they get stolen just my travel obsession sees me open the QF app often.
On the train home ill go "Hmm i wonder what my points balance is, oh good those upcoming trip i have book in are still there." Most of the time there arent any changes since the day before.

 

[serfty]

I use Awardwallet - it provides notification of changes to point tallies at least once per week.

BUT Qantas can do better - with AAdvantage and Hyatt I get notification as soon as an award is redeemed ... also, at least with AAdvantage, a change in email address prompts an emailed notification to the previous address.

 

[dsx2]

This just happened to me. I checked my account late last night and noticed around ~100k points were missing from my account. I called Qantas straight away but was told they can't do anything until next week. The hackers gained access on Wednesday and set up a false yahoo email address in my name. They then transferred ~100k points for woolworths gift vouchers. Unfortunately if Qantas could act quickly then they could possibly cancel the vouchers and prevent them being cashed. If they wait until next week then it's probably too late.

I would suggest to everyone that if you have high points balance you care about then best to check your balance very regularly!

I'll update next week once I speak to Qantas some more.

I am in a similar boat, just checked my account to see ~100k points missing, they have all been family transferred to various accounts 5k at a time, which shows that Qantas do not actually enforce the family rule. This ouccured on the last day of october.

They had also changed my email so i received no notifications of this

I'll give them a call tomorrow, hopefully they can help me out but this should be fully traceable and no liability should be on me.

The one thing that really got me is that someone can change the email address on the account with no notification being sent. I just reset it back to the correct email and did not receive any notifcations

 

[drron]

And reset the PIN I hope.

 

[dsx2]

And reset the PIN I hope.

Ofcourse, that was the first step

 

[Walter_Plinge]

I use Awardwallet - it provides notification of changes to point tallies at least once per week.

Thanks for the tip. I signed up just now. Nice program.

 

[exceladdict]

Thanks for the tip. I signed up just now. Nice program.

Does using something like this (or the aff status verification) breach Qantas's t&cs about revealing your pin, opening up your liability for any losses?

 

[sumthinfornuthin]

Its funny, i end up checking my balance ever few days. Not specifically incase they get stolen just my travel obsession sees me open the QF app often.
On the train home ill go "Hmm i wonder what my points balance is, oh good those upcoming trip i have book in are still there." Most of the time there arent any changes since the day before.

Glad I'm not the only one
addictions take many forms !!

 

[sumthinfornuthin]

Does using something like this (or the aff status verification) breach Qantas's t&cs about revealing your pin, opening up your liability for any losses?

Good point
never thought about that

 

[JohnK]

I've had points stolen. You sign a stat dec and they give you the points back. Usually vouchers aren't instant anyway so they can stop them and even if they do provide them to the hackers, it wouldn't be hard beyond that to cancel and/or find out who used the vouchers. Possession of stolen property and all.

Do they actually care enough to follow up? Usually the police are not interested in these types of matters.

 

[sumthinfornuthin]

Do they actually care enough to follow up? Usually the police are not interested in these types of matters.

I can vouch for that having had 300,000 IHG points hacked

 

[samh004]

Do they actually care enough to follow up? Usually the police are not interested in these types of matters.

I can vouch for that having had 300,000 IHG points hacked

My issue was with Qantas where my account was hacked several times. Ultimately it necessasitated a bigger change to my account so it couldn't happen again, but in terms of QF's response, so long as I had done the statutory declaration, they were happy to reverse the points transfers. I also raised the issue with the police through a service called ACORN. Now while that seemed to go nowhere, it's a reporting service and I did my bit, getting my points back.

 

[EestiTiger]

I use Awardwallet - it provides notification of changes to point tallies at least once per week.

BUT Qantas can do better - with AAdvantage and Hyatt I get notification as soon as an award is redeemed ... also, at least with AAdvantage, a change in email address prompts an emailed notification to the previous address.

The less people that know you pin, including 3rd party apps the better! Without knowing where and how they store / transmit your data, it is another risk I am not exactly comfortable with. All it takes is one rogue employee regardless of how secure they think things are.

QF really do need to do something though. It is crazy / unforgivable in this day and age to think a four digit pin is secure.

Here is a great article I read recently which is scary... https://nakedsecurity.sophos.com/2016/12/05/how-to-guess-credit-card-security-codes/

As impractical as it is, at the moment, like a few others have mentioned, I just check my balance way too often.