American AAdvantage Suffers a Data Hack, in Process of Re-Assigning Some Member Frequent Flyer Account Numbers

United MileagePlus was the victim of a data security breach at the end of last month.

They’re hardly the first loyalty program to face this. Hilton HHonors members now have to certify that they aren’t robots every time they log into their accounts.

This follows Hilton points for sale in large quantities on the DarkNet.

My general understanding of why Starwood points were set up to take so long in transferring to airline miles, years ago, was to combat fraud — points pushed to outside accounts were hard to retrieve. (Specifically there was a fear of fraud by insiders.)

It’s not really surprising then that some American AAdvantage accounts have been compromised.

American is locking accounts that were accessed by an unauthorized third party, and e-mailing the members with a new account number. This process has been going on over the past couple of days, and continues — according to a customer service rep I spoke with:

  • elite members and AAdvantage members with six figure balances at top of the queue for this.
  • affected folks can still book awards, they just need to create a new password before they do it online or verify their account over the phone when issuing tickets.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. What about non-elites with 6-figure balances (e.g., people who got big credit card signup bonuses)?

  2. Hopefully those with large “potential” balances (i.e. if currently issued awards were to be reinstated) are also pretty quickly processed.

  3. I’m wondering if this hack is in anyway tied to newly live option to “link” our AA accounts to matching USair accounts?

  4. The Hilton robot thing is a PITA**
    frequently you cant read the sign language they want you to insert
    I don’t use the site as much anymore
    There has to be a better solution (sigh)

  5. The Hilton robot thing is more than a PITA, it’s impossible to log in. I contacted Hilton and got a canned response. Considering their program/points are not of any value, I guess I won’t be staying at Hilton any more except in the rare case where they offer the rock bottom price. Is that really the kind of behavior they want to encourage? *Shrug*

  6. What did everyone expect? Hasn’t anyone figured out that this “new web” of “freeze the screen pop-up” shit is interlocked by one company? If American Airlines does a “pop up screen” to appear without warning and to freeze the use of the website itself, obviously its prone to a hack!!

    For example, someone visits 15 mutually exclusive news services, a US government page, an airline page, and then something else. Then for all of them, sooner or later, this pop-up, freeze the screen survey shows up FROM THE SAME FUCKING COMPANY!! But all of these websites are different, I thought!!

    This is why Silicon Valley has to be stopped dead in their tracks. They have created what used to be a screen that opened immediately, to a hypnotic scroll open and closing. I saw, let Silicon Valley collapse.

    For American Airlines, I went into “My account” and did not see anything to merge the US Airways accounts. Only that bullshit screen came up when I logged in, which I obviously avoided.

  7. Not sure what Ed is talking about. But I just checked our 2 AA accounts, one of which has 660K+ miles in it. No request for a new FF # for either of them.

    But I did get pop-ups requesting our US AIR FF #’s which were immediately linked to our AA accounts.

Leave a Reply

Your email address will not be published. Required fields are marked *