Hyatt Gold Passport

Discussion in 'Hyatt | Gold Passport' started by Hyatt Gold Passport Concierge, Apr 21, 2015.  |  Print Topic

  1. Hyatt Gold Passport Concierge
    Original Member

    Hyatt Gold Passport Concierge Official Representative

    Messages:
    263
    Likes Received:
    758
    Status Points:
    695
    Hello Milepoint,
    As many of you are now aware, we found through our routine monitoring of member account activity that a small number of accounts were improperly accessed. We’ve addressed the members impacted already, but to enhance your account security, we’re asking everyone with a username to reset their password.
    To change your password: 1) Visit goldpassport.com 2) Click "Forgot Password" in the sign-in section and follow the directions 3) Look for a temporary password sent to your email and follow the directions
    If you should encounter any error with this process or require additional assistance, please PM us directly with your account number, and we will be happy to help.
     
    B1BomberVB, iolaire and MX like this.
  2. MX

    MX Gold Member

    Messages:
    2,215
    Likes Received:
    4,805
    Status Points:
    2,545
    Thanks for the update. The password reset procedure worked fine for me. But currently there appear to be other problems with the website, i.e. difficulty staying signed-in and making reservations.
     
  3. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    How does resetting my password increase my account security?
     
    Wandering Aramean likes this.
  4. Hyatt Gold Passport Concierge
    Original Member

    Hyatt Gold Passport Concierge Official Representative

    Messages:
    263
    Likes Received:
    758
    Status Points:
    695
    Hello,

    People often use the same combination of a username and password to log into their various online accounts. We believe that someone has used a list of usernames and passwords to try those combinations across multiple sites, including Hyatt.

    We strongly encourage you to reset your username and password to a combination that you don’t use anywhere else online to strengthen the security on your account. You may also want to consider using your Hyatt Gold Passport number to log in rather than a username.

    Please let us know if you have any further questions.

    Thanks!
     
  5. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    My password for my GP account isn't used anywhere else. So unless your password file was stolen, there is no reason for me to switch out one secure password for another one.
     
    viguera, Thomask and kwai like this.
  6. Hyatt Gold Passport Concierge
    Original Member

    Hyatt Gold Passport Concierge Official Representative

    Messages:
    263
    Likes Received:
    758
    Status Points:
    695
    Good Morning!

    Everyone with a username has been reset as a precaution. Those that were directly impacted were already contacted, but as an additional level of security we reset our members’ passwords that had established a username.


    Thanks!
     
  7. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    So I tried to log in with my known password (and username). Your website tells me:

    The password you entered could not be authenticated with the username or membership number you provided. Please try again or click Forgot Your Password to reset your password.

    Let's say I wasn't a Milepoint or Flyertalk member (say, I was my wife) and had not come across this thread. What do you think would be my first reaction? here's a hint: three letters, starts with W and ends with F.

    I checked our emails, and we did not receive any notification that our password had been reset for security reasons.
     
  8. MX

    MX Gold Member

    Messages:
    2,215
    Likes Received:
    4,805
    Status Points:
    2,545
    I got the email, but my family members did not. So I agree this could've been an unpleasant surprise.
    Btw, I was able to "reset" my password to whatever I used prior to this breach.
     
  9. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    Can you share the email here?
     
  10. WhiteDesert

    WhiteDesert Silver Member

    Messages:
    364
    Likes Received:
    440
    Status Points:
    500
    I received the email yesterday evening (18:11 EST).

    It was entitled "Required Password Change"

    Here is the text body of the email:

    As part of Hyatt Gold Passport’s routine monitoring of member account activity, we found a small number of accounts were accessed by an unauthorized individual utilizing member usernames and passwords. We have no reason to believe, at this time, the login information was obtained through Hyatt Gold Passport, and we continue to analyze and monitor our systems. We have reached out to members we know have been affected to resolve any concerns.

    To enhance your account security, we are resetting all passwords connected to a username. The next time you sign in to your Hyatt Gold Passport account, you will need to change your password by following the directions below. We strongly recommend that you reset your username and password to a unique combination not used elsewhere. You will not be able to access your account online until you change your password.

    To change your Hyatt Gold Passport password:
    1) Visit Hyatt in your region.
    2) Click "Forgot Password" in the sign-in section and follow the directions
    3) Look for a temporary password sent to your email and follow the directions

    We apologize for any inconvenience. If you have any questions, please call us anytime at 800.228.3360 in the US and Canada or contact Hyatt in your region.
     
    HaveMilesWillTravel and iolaire like this.
  11. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    Still no email notification about the problem here. The "forgot my password" email came more or less instantly.
     
  12. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    Hah! Literally a minute after I posted this my email notification arrived.
     
    viguera likes this.
  13. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    This was obviously some kind of internal breach that led them to issue a mandatory password reset. I can guarantee you that my account was not "improperly accessed" by anyone unless it was internally within Hyatt or by someone that had some kind of username / password dump that was stolen from their internal systems.

    This of course could have been handled in a much more elegant way. It's the equivalent of you arriving home and finding out your keys don't work, then your wife calls you a few hours later and tells you that she lost her keys so had the locks changed as a precaution. I guess the expectation is that we will be happy that nothing was stolen, rather than complaint that we weren't notified properly.
     
    Thomask and HaveMilesWillTravel like this.
  14. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    My wife still hasn't been notified. She has zero points in her account, so perhaps they don't bother with those accounts,
     
    viguera likes this.
  15. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    Maybe they just notify Diamond members? or people with x number of stays / points or something wort stealing? I don't know... :)
     
  16. Thomask

    Thomask Silver Member

    Messages:
    562
    Likes Received:
    542
    Status Points:
    720
    No my wife HGP P with few points got the mail. I, HGP Diamond with a fair number of points did not.
     
    viguera likes this.
  17. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    Neither of us has status anymore. She has zero points, I have a few hundred in my account.
     
    viguera likes this.
  18. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    So basically no rhyme or reason... :)

    I'm Diamond for a couple of years now with a sizeable amount of points in my account and I first learned of the issue through one of the BoardingArea blogs. My password didn't work, I did the reset, etc. I got the email maybe a day or two later.
     
    HaveMilesWillTravel likes this.
  19. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    And now Hyatt.com refuses to reset her password claiming that the email address doesn't match. I am 90% sure that I know her correct email address used for this account... but guess what, I am not going to bother any further with this. I have better things to do than to call Hyatt to have this fixed. :mad:
     
    Thomask likes this.

Share This Page