Priority Club Shopping Toolbar: a Glitch I Decided Not to Write About

Priority Club offered 300 points for downloading their shopping toolbar. That’s the software that helps you automatically earn Priority Club purchases when you visit a merchant you can earn points with. (I don’t recommend earning through the Priority Club portal most of the time as it isn’t as rewarding as other alternatives.)

Friday evening I realized that they didn’t actually make you complete the download and install the toolbar to earn the points, and the only way they kept you from earning the points over and over was cookies or a similar technology.

Unsurprisingly, since I realized it, others did too. Folks were clicking through the download offer over and over using Google Chrome’s incognito mode, earning 300 points each time. Some just hit the back button and then re-submitted over and over, others wrote scripts to do it for them, and they very quickly accumulated at a minimum hundreds of thousands of points.

The reason I didn’t post it is because this ‘felt different’ than a mistake fare, or a discount meant to be targeted but that was opened to everyone.

I haven’t done a total analysis of why, but I wasn’t really comfortable with this one. Usually I share things and let others decide. I wasn’t sure how I felt, I was busy throughout the weekend (notice no posts at all after Saturday morning).

And I thought there were real risks, too. Priority Club has had similar glitches in the past with surveys where you could take them over and over and earn points each time. And they haven’t just reversed the points when the glitch was discovered, they’ve closed down accounts.

Sharing things broadly seemed to me to expose readers to the real risk of getting banned from the Priority Club program, and I didn’t want over-eager folks in that bad position.

Now I’m hearing that’s exactly what’s happening, some accounts being closed now that Priority Club is realizing what happened. It remains to be seen whether folks that earned points and already redeemed then will get to keep their redemptions or not. Too soon to tell.

Question: Should I have written about this, or kept it to myself?

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »


  1. […] Users have the option of removing this and all other advertisements.  More Priority Club Shopping Toolbar: a Glitch I Decided Not to Write About – View from the Wing […]


  1. Maybe you would have helped people by letting them know they could lose their accounts by abusing this glitch but I agree in not helping increase the abuse

  2. I guess some people don’t believe in Divine justice, karma, etc.. I read about it elsewhere (the offer, not the bug), but 300 PC points didn’t move me to act. I’m now even more glad that I was nowhere near this one!

  3. You took the ethical road. Truly I wouldn’t have respected your posting that glitch. Taking advantage of a hidden glitch somehow seems different than something hanging out there for everyone to see. Maybe the ethical lines are crossed both ways but I don’t see it.

  4. I would love the 300 points but some people abused this and they took it down. I hope it comes back.

  5. Hmm, I can’t log into right now, I wonder whether this is related.

    One lesson learned from this and the recent United 4-miles-to-HKG ‘promotion’ is that the only ones who benefit are those who take immediate travel. I bet there were one or two people in IC redemptions last night that went through ok.

  6. I think you did the right thing here, but it’s not clear to me how it’s any different from the United 4-mile HK tickets, which were similarly an obvious website glitch. There seems to be an invisible line somewhere with mistake fares, programming errors, etc. and somehow “cheap but reasonable” is okay while “free ad infinitum” is not.

  7. I’m with the majority so far – you also have a reputation with the industry to consider. No reason to undermine it by pointing people to something like this. Those that tried to take advantage had to know the risk they took…

  8. I noticed this myself as I tried to download it with Firefox and it gave me an error. So I switch over to IE and was able to download it. I noticed my balance went up 600 points. I didn’t try anymore. I hope my account doesn’t get shut down.

  9. Gary,

    I can’t articulate this very well, but there seems to be a difference between mistake fares that a single person can practically take advantage of once or twice, and an error that allows one to rob it blind by taking advantage of it in perpetuity.

    Maybe it’s because buying two HKG tickets at 4 miles a piece can’t be considered abusive whereas writing a script to take advantage of a 300-mile error 1,000 times clearly is. If I were PC, I may very well “fire” those customers too. I wouldn’t want to do business with people who treat me like that.

  10. I agree that it was correct not to post it, though Stewart makes a good point that if you’d posted it for the purpose of reminding the community that PC had addressed similar glitches in the past by closing accounts, that would’ve been very reasonable.

    I did take some advantage of the glitch (more than 10k but less than 100k), and as Jan M says, was definitely aware of the risk. Definitely wouldn’t have done it if I had started out with more than a trivial amount of points in the account, for instance. Some people did redeem, but I wasn’t willing to go that far — to me that crosses another even more serious line.

  11. you did the right thing. Instances such as this really come close to “stealing” and the ability to replicate the points within seconds (time and time and time again) isn’t playing fair and we all know it.


  12. How is buying even one ticket to HKG at 4 miles not seen as abusive but perhaps earning 300 PC points even twice is? One HKG ticket around the world may have cost UA thousands of dollars. 300 extra PC points costs under a quarter.

    Both should feel “wrong” regardless of the quantity or value.

  13. And to add: I don’t think either topic (4 mile HKG or the PC toolbar glitch) should have ever made it to any blog while live. Well, the PC toolbar was OK to discuss because it was a legit 300 points. Just leave out the technical glitch.

  14. @Dan what about someone who sat in front of their computer and manually clicked 100x for 30K points? That’s worth a couple hundred dollars, so not as much as what UA lost during 4-mile gate. What about 200x? I’m guessing that it took maybe 15 seconds to do an entry, so one could probably do 4 a minute? An hour could theoretically yield at least 70,000 points. Still worth less than an F ticket to Hong Kong. And I am sure that many people purchased multiple tickets to Hong Kong.

    All in all, I agree that anyone who participated in this probably knew what was going on and put their account to risk , but it’s disingenuous to incinerate that this community is “morally higher” than that

  15. @Gary – did not do HKG because of existing time off / travel plans already set. For PC, didn’t work in my account anyway, I couldn’t even get initial 300 points.

  16. My point was that if one web programming error feels wrong, so should another that takes advantage of a company. So if you take advantage of one and think it’s ok, the other shouldn’t really bother you either.

  17. I agree with ArizonaGuy, both seem to be similar technical glitches, and if one feels wrong so should the other

  18. I think you should have let people know so that no one, albeit through their own greed, risked having their account closed. The Priority Club would no doubt have closed the web bar download down immediately. I see the difference between this and the UA 4 points deal as being that whilst both were clearly mistakes, one can customarily book as many airline tickets as one wants but downloading more than one toolbar per browser is not done. I realize the distinction I am making is very fine but I do think it exists.

  19. I agree. Glitches that potentially expose multi-billion dollar companies should not be posted.

    Public posting should instead be reserved for those deals that steal from the blind!

  20. @IRAR Hilarious. Holy crap BoardingArea needs to install a new WordPress commenting system with a +1 / Like function.

  21. I like you decision, not only ethically, but because publicizing it would kill the deal. We do have at least one blogger in our community who fails tp consider the likelihood that publicizing a mistake opportunity would kill it. Many accounts of another type were closed as a result of one of his recent posts. Killing a deal helps nobody.

  22. I know someone who got 608k points in a few hours using a script after I DM’d him about this on twitter. Of the 6 people that I messaged about this only 3 that I know of actually did this and one was able to CASH out via Amazon gift card for a total of about $3000.

    I did not participate, but shared this privately to some who I trust and decided to not blog about it publicly because it would be a disservice to newbies who would spend a lot of time doing this and not have a happy ending.

  23. I hope that anyone who took advantage repeatedly of this glitch has their account shut down and I hope they lost whatever points they may have had in their account prior to this matter. Moreover, they should be banned from the P/C program for life.

    This is not the case of a mistake, or of having taken other surveys meant for a different region — though that is pushing it in my opinion — this is clearly out and out fraud and as such, given that use of the wires is utilized, I can only hope that one person is made an example of and prosecuted criminally.

    Don’t like the response, Tough. Don’t commit fraud.

  24. Oh, Joshua?

    Pray tell what a happy ending is?

    The commission of fraud?

    You disgust me.


  25. This is similar to a political dilemma being faced by one of our presidential candidates. If he reveals his tax returns and shows how much he saved by “avoiding” taxes, he will be praised by some as being wise enough to beat the system and scorned by others as not paying his fair share.

    Your situation is not very different. And none of us is perfect. If the goal is to take advantage of a mistake because a company isn’t wise enough to foresee it, then you have committed no wrong. Conversely, if your rule is “do unto others”, then you move on or perhaps even consider reporting the error.

    I, for one, am not comfortable walking out of a store if I have either received too much OR too little change. Neither outcome is acceptable to me. But I don’t preach as to what others should or should not do. So, your original question is one that only you can and should answer for yourself.

  26. The reality is Priority Club management put up a webpage and offer with inadequate testing and quality assurance. Due diligence says management abused the trust of their owners/shareholders by placing inadequate controls over their assets (points). If management cleans up their act they may yet fix the offer, but don’t lay the blame for management’s blatant failure on external parties. Nobody kicked in any doors, lied, or broke into a system.

    “10.DaninSTL said,

    I would love the 300 points but some people abused this and they took it down. I hope it comes back.”

  27. @Arizona Guy

    How do you figure that the 4 mile HKG mistake would cost UA thousands? I’d argue that it doesn’t. Airlines have outrageously high fixed costs (getting the plane in the air) while having very low marginal costs (actually filling the last seat on an already full plane.)

    The catering costs may or may not be real; it depends on the airline’s catering policies. I mean, do they stock food regardless of the number of premium seats sold, and throw it out at the end if the cabin takes off empty?

    The largest expense for UA is likely the opportunity cost, and even that may not be very much. Presumably, airlines only make seats available for reward redemption when they don’t expect to sell them. So, what’s the cost of giving away something you don’t expect to sell in the first place?

  28. @Arizona Guy

    WRT the abusive bit… Miriam defines “abusive” as “wrongly used” or “corrupt.”

    Well, UA did intend to sell award seats via its website, so I think it’s a stretch to say that purchasing one or two tickets in that circumstance was “wrongly used.”

    OTOH, I don’t think the airlines or PC intend for people to write scripts that hit up hundreds or thousands of transactions per day. Heck, I could even argue that downloading 10 copies of a browser and installing the tool bar 10 different times is using the toolbar in a manner in which it’s intended, and therefore not abusive.

    Mind you, I’m not arguing that it’s right to take advantage of various mistakes. What I’m arguing is what rises to the level of “abuse.”

    Was making excessive use of the coins deal abusive? Hard to say; clearly, people were not participating in the program in the manner in which it was intended, but the mint knew about it and took forever to shut it down.

    As far as the morality of it all is concerned… well, I can’t claim to be in the clear ethically. After all, I have a small business card to which I’m not entitled, and had to tell a few fibs to get.

    Do you sign up for multiple credit cards with the intention of getting bonuses only, and then canceling them before the annual fee is due? If you hit up chase 6 times, I could argue that *that’s* abusive, because surely Chase isn’t intending to just give away points.

    Finally, quantity and value have everything to do with what constitutes “abusive.”

    Me, I just play this game without trying to stick out like a sore thumb.

  29. @Andy

    I was not making an argument purely about morals, and never will with this game. A purely moral person would only sign up for credit cards that they actually intend to use after they get the signup bonus.

    It’s not my job to determine whether or not an item is priced fairly for the supplier. Likewise, it is not the supplier’s job to price an item or service at an amount that is fair to me. They charge ripoff fees all of the time, many times at a price that is significantly higher than the cost of actually delivering the service. (Pop quiz: How much does it actually cost UA to cancel an award ticket and refund the miles for a general member?)

    The real question is if I were PC, where would I draw the line with which customers were ripping me off and therefore I’m going to fire…

  30. It is your blog to do as you please. If someone was paying for a service and you were hiding things from them then I would think otherwise.

  31. This comment thread is eerily similar to the 4-mile conversations we had, where everyone who had the opportunity to get in on the deal is defending actions while everyone who did not or could not get in is calling fraud.

    It would make a great discussion topic at ORD or FTU.

    @Dan It is a gray area, no doubt. But regarding the abuse thing, there was recently a JFK-IAD-ORD mistake fare for $32 o/w on UA, giving about 1100 PQMs, a fantastic deal and easy to do repeatedly. Some people bought upwards of 10 roundtrips, and it was widely advertised on FT/MP/blogs. To me, that is abusive of a mistake, since most people will use a mistake fare once (usually because it’s a long-distance trip), not 10+ times. And unlike an award ticket, these were revenue tickets that translated to big losses in terms of revenue per seat for UA. But nobody really had any problems with that … when the deal was over, people congratulated those who got in on the deal, even though $10+taxes o/w is not a reasonable UA fare at all.

    Also, like I mentioned, it sounds like it took very little time to go through the signup process for these 300 PC points, where I made a rough calculation that one could easily do it manually 4 times a minute, maybe even more (bringing it down to 10 seconds per transaction makes it 6 a minute). Sit down at your computer for an hour and that’s 360 transactions. (“Some just hit the back button and then re-submitted over and over”).

  32. Well, I wish I had of seen this ….

    Looks like I’ve just LOST my PC & IC RA account.

    I can’t begin to tell you how that makes me feel. I had a booking for a four night stay in an IC Club suite for our 20th Wedding Anniversary …. and now it looks like I’ve lost it. All because I had no idea that this could happen over too may entries into a PC promo.

  33. Aloha Dave,

    You have a very flexible view of right and wrong. Yes management is to blame and the shareholders have a right to fire them, but those who abused the system are not innocent parties and have defrauded the very shareholders/owners you speak of.

    I am not surprised at the morals or lack of same herein.

  34. I appreciate, that many of you on this forum may be from other than Australia.
    Not too long ago, in Australia, there was a promo from AMEX. This too allowed people to ‘exploit’ a system that saw some account holders acquire up to 23 million points ( I think was the highest tally ), all from taking advantage of a process that COULD BE DONE. I f AMEX wanted to shut it down – they could of… but didn’t, They simply thought they would not post the points. Many account holders took AMEX to our various ‘Fair Trading’ authorities … AND WON !! AMEX were forced to pay up with milions and millions of points.
    Even though I thought I was ‘exploiting’ a glitch, I had no idea my PC account could or would be closed as a direct result of my activity. In NSW Australia, we pride our Fiar Trading laws to force traders to GIVE what they promote / sell. If this PC promo was BASED in NSW … there would be no problem. The worst that would happen, would be the provider shuts down ANY FURTHER offer of the same promotion …. WHICH IS ALL I THOUGHT WOULD HAPPEN IN THIS CASE.

  35. There are some folks in these comments giving the impression they didn’t partake in this deal where their tweets suggest otherwise 😉

    Meanwhile lots of redemptions of these points appear to be getting cancelled, in addition to accounts locked.

Comments are closed.