“I received 2 emails yesterday from Hilton saying that my HHonors points had been redeemed through Amazon.com. I immediately logged into my Hilton account and I’ve gone from approx 268,000 down to 1000, so around 267,000 were stolen. No idea how this could have happened. Email stated to call Amazon if there is a problem with the transaction or if I was not the one who placed an order. It doesn’t make sense that they say they cannot track down a transaction using my Hilton number as there has to be some kind of record of the points transfer from Hilton.”
Reports of Some Hilton Honors Accounts Breached; Points Used For Amazon Purchases
The paragraph you have just read is the experience imparted by FlyerTalk member pinion, who has yet to hear from either Hilton Honors or Amazon in order to resolve this issue…
…but a similar issue which was experienced by FlyerTalk member BearX220 “has now been very effectively addressed by Hilton” as “Hilton reached out to me 15 days after the breach came to my attention and resolved the question to my satisfaction. I have to say that once service recovery kicked in, it was personal, clear, and effective. The only downside is, I have to commit a new Honors account number to memory.”
Official Response From Hilton
Upon reaching out to a representative of Hilton pertaining to this specific issue with Amazon, this is the official response which I received:
“…we believe that Hilton Honors Points are valuable and should be protected. We always encourage our members to protect their account information the same way they would an email or bank account. That includes reviewing account transactions on a regular basis and using strong passwords that are changed often. It’s also important that passwords are unique and not shared across different accounts.
“If a Hilton Honors member notices suspicious account activity, we encourage them to contact us immediately. We will investigate, respond and if appropriate, make them whole.”
Data Breaches are Unfortunately Rather Common
Fortunately, the frequent travel loyalty programs of most companies have converted the process of accessing a membership account from using a personal identification number of only four digits to using an actual password with mixed characters in order to increase security and mitigate the possibility of having membership accounts accessed by unauthorized people…
…but one notable exception is IHG Rewards Club, which still to this day has its members use personal identification numbers with only four digits to access their membership accounts. Theoretically, they are therefore likely more susceptible to data breaches than the membership accounts of competing frequent travel loyalty programs.
Although I have written extensively about data breaches which compromise your personal information — as well as the miles and points which you have worked so hard to earn over the years — the following articles do not even come close to documenting all of the data breaches solely within the travel industry, as no frequent travel loyalty program appears to be immune or completely secure:
- Starwood Guest Reservation Database Security Incident: I Finally Received My Letter From Marriott — Part 2
- You May Get a Share of Money From Kimpton Hotels Data Breach Settlement
- Your Chance to Claim Up to £1,500 From British Airways as Compensation For Data Breach
- Delta Air Lines Cyber Incident: Customer Information Breach Possible
- Credit Card Security Breach at 41 Hyatt Hotel Properties in Eleven Countries
- Payment Card Data Breach Confirmed by Kimpton Hotels & Restaurants — and What You Can Do
- Data Breach Reported by Hyatt Hotels Corporation: What You Can Do
- More Data Breaches with Starwood and Hilton: What You Can Do
- Another Possible Security Breach of Information With Hilton — This Time, With Credit Cards
- Should Points or Miles Be Given to Compensate Loyalty Program Members For Inconvenience Due to Account Breach?
- Miles Stolen; American, United and Delta Frequent Flier Accounts Breached
- Warning: Security Breach of E-Mail Accounts at Various Companies
- Two Years of Free Credit Monitoring Offered by Delta Air Lines Resulting From Cyber Incident
- Unauthorized Individual Accessed My Hyatt Gold Passport Account?
- Cyber Attack on an Account I Have Not Had in Years?!?
- Breaking News: Many British Airways Executive Club Accounts Locked; Avios Reset to Zero
- My Starwood Account Was Compromised: More Details — and What Happened
- Follow Up: My Telephone Call With a Starwood Representative
- Warning: Your Hilton HHonors Account Can Be Sold for Cents on the Dollar by Thieves
How to Protect Yourself From Unauthorized Breaches
Log into each of your frequent travel loyalty program membership accounts and update your user name; password; security questions and answers, if any; and your verbal password, if one is required.
Also ensure that all of your contact information — including your postal mail address, telephone number and e-mail address — is correct.
Additionally, take the following recommended proper precautions to help secure against unauthorized access to any of your frequent travel loyalty program membership accounts:
- Do not use your e-mail address as your identification to log into your account.
- Use a complex password and regularly update it.
- Use different log in credentials with each Internet web sites.
- Always check your membership accounts on a regular basis.
- Promptly report any potential suspicious activity to a representative of the frequent travel loyalty program.
Summary
Considering that only at least four members of FlyerTalk reported a breach in the security of their Hilton Honors membership accounts since Wednesday, April 10, 2019 — which is almost a month — it is important to note that this is not exactly a widespread issue at the time this article was written…
…but when your own frequent traveler loyalty program membership account is compromised, whether or not others have experienced similar issues is irrelevant. I should know — my Starwood Preferred Guest membership account was compromised back on Friday, January 16, 2015. Not only were all of the Starpoints wiped out; but I could not even access my membership account because the password was changed.
Fortunately, you are almost guaranteed to have your miles or points replenished in your membership account if it has indeed been compromised — as had eventually happened to me with my Starpoints.
One last note: if you are assigned a new membership number for your Hilton Honors account, be aware that cases have been reported with which the progress towards lifetime elite status has been reset back to zero. Ensure that you document proof of your progress towards lifetime elite status as soon as possible.
Source: Hilton Honors.
