Hackers Steal Millions from Major Mileage Program

Got miles in British Airways’ Executive Club program? If so, you might want to double check to confirm that your account wasn’t hacked.

In the latest instance of a major travel-loyalty program falling victim to malicious intruders, The Guardian reports that “tens of thousands” of Executive Club accounts were fraudulently accessed. According to a British Airways statement:

British Airways has become aware of some unauthorised activity in relation to a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts.

We would like to reassure customers that at this stage we are not aware of any access to any subsequent information pages within accounts, including travel histories or payment-card details.

We are sorry for the concern and inconvenience this matter has caused and would like to reassure customers that we are taking this incident seriously and have taken a number of steps to lock down accounts so they can no longer be accessed.

What the company fails to forthrightly acknowledge is that the hackers were indeed able to steal miles from the affected accounts. There’s a long thread on FlyerTalk (47 pages and counting) recounting many cases of lost miles (or Avios, as they’re referred to in British Air’s program). A few examples:

My Avios balance, which was 46,418 yesterday, is suddenly zero. Under recent transactions, there’s an entry that says “ex gratia” and the balance column says “-46,418”. What the heck?!

217,000 taken from my account this morning.

Travel Smarter! Sign up for our free newsletter.

By proceeding, you agree to our Privacy Policy and Terms of Use.

Sign Up

Mine have disappeared too—well in to 7 figures!

Had to reset my password. Almost 900k Avios gone.

Action Items

If you have an Executive Club account, do the following:

• Check your Executive Club account. Although it appears that the airline has identified most of the compromised accounts and restored any stolen miles, there’s no guarantee that the process has been effective in all cases.
• Change your account password. And while you’re at it, be sure to use a combination of upper- and lower-case letters, numbers, and special characters, in random combination.

If you’re not an Executive Club member, let this incident serve as yet another warning that mileage accounts are vulnerable. The first line of defense is a password that can’t be easily broken by hackers’ software. So, create a strong password, and change it regularly.

Reader Reality Check

Has your mileage account ever been hacked? Are you worried that it might be?

This article originally appeared on FrequentFlier.com.