It doesn’t happen often. And when it does, you may never find out that it did (because it’s embarrassing for the companies concerned). But we know that loyalty-program accounts do get hacked. And according to member reports currently circulating on FlyerTalk, hackers have indeed managed to access accounts of Hilton HHonors members to steal points and make purchases with members’ registered credit cards.
The following post from kapkap46, a Hilton Diamond member, is typical:
In another post I outlined 3 hacks in the last 10 days and lost 258,000 points.
They say they’ll put them back in but I’ll believe it when I see it. I have to open a new email account , new username , new passwords, new pins etc and I have spent $150 calling the Diamond Desk from Thailand as well as wasting valuable hours.
I have the same email on 50 different businesses, banks, airlines etc. and never a problem. And Hilton would like to sweep it under the rug. They have a bunch of incompetents in the IT dept and the Billion $ company has their head in the sand.
According to one self-described hacker posting to the thread, the pilfered points are available for sale online for $4.50 for 90,000 – 100,000 points. A bargain, to be sure.
The natural first reaction would be to rush to the HHonors website and change your login credentials. However, according to a second self-described hacker, that may be insufficient to safeguard your data, given the current architecture of Hilton’s site.
So far, there’s been no official response from Hilton—which doesn’t reflect well on the company’s commitment to transparency or to protecting its customers. Until Hilton does provide guidance on the issue, the best HHonors members can do is monitor their accounts, and bring any suspicious activity to the company’s attention.
Reader Reality Check
How safe is your frequent-traveler account information?
This article originally appeared on FrequentFlier.com.