United MileagePlus was the victim of a data security breach at the end of last month.
They’re hardly the first loyalty program to face this. Hilton HHonors members now have to certify that they aren’t robots every time they log into their accounts.
This follows Hilton points for sale in large quantities on the DarkNet.
My general understanding of why Starwood points were set up to take so long in transferring to airline miles, years ago, was to combat fraud — points pushed to outside accounts were hard to retrieve. (Specifically there was a fear of fraud by insiders.)
It’s not really surprising then that some American AAdvantage accounts have been compromised.
American is locking accounts that were accessed by an unauthorized third party, and e-mailing the members with a new account number. This process has been going on over the past couple of days, and continues — according to a customer service rep I spoke with:
- elite members and AAdvantage members with six figure balances at top of the queue for this.
- affected folks can still book awards, they just need to create a new password before they do it online or verify their account over the phone when issuing tickets.