MileagePlus account data exposed by 3rd party vendor?

Discussion in 'United Airlines | MileagePlus' started by HaveMilesWillTravel, Dec 27, 2014.  |  Print Topic

  1. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
  2. Garp74

    Garp74 Gold Member

    Messages:
    2,327
    Likes Received:
    9,607
    Status Points:
    7,525
    Thanks for posting this.

    PIN and password changed online, right from the My Account page at the bottom.
     
  3. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    http://www.databreachtoday.com/fraudsters-target-united-frequent-fliers-a-7730 (via FT)

    United Airlines is notifying some of its MileagePlus members that unauthorized individuals accessed frequent flier accounts by using usernames and passwords obtained from third-party sources.

    "These usernames and passwords were not obtained as a result of a United data breach, and United was not the only company where attempts were made," says a notice sent to MileagePlus members, which was obtained by Information Security Media Group.
     
  4. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,214
    Likes Received:
    61,743
    Status Points:
    20,020
    HaveMilesWillTravel likes this.
  5. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,197
    Status Points:
    16,520
    "She also asked if I’d been traveling lately (duh) and if I’d used a hotel Wi-Fi system or any free Wi-Fi while away. I had, as many of you probably have. That’s where my info probably got snatched, she said. Don’t do that anymore, she (ahem) suggested. "

    That doesn't quite jive with the theory that the hackers used recycled passwords from another breach.

    "Will I get satisfying revenge on the thief who tried to steal my hard-earned miles? That’s not my department. But I do know that it is difficult to get on airplanes pseudonymously. United Security knows these guys’ names and what they did. One of them, at least, has a fairly unusual name and a home address near the city he was traveling from. And I get to hold in my mind the warm thought of a surprise waiting for a crook expecting to fly the 11 hours from Sydney to Beijing in comfort. At best, he’s not getting on that plane."

    If the hacker had bought the tickets for him/herself, they could have left everything in place and had airport police arrest him/her at the gate.

    But I would suspect the miles were sold (the reservation was made for someone who paid the hacker cash for an award ticket).
     
  6. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,214
    Likes Received:
    61,743
    Status Points:
    20,020
    This is typically the way these situations play out.
     
  7. chrislacey
    Original Member

    chrislacey Milepoint Guide

    Messages:
    480
    Likes Received:
    656
    Status Points:
    670
    I received a letter today from MileagePlus (Houston, TX address) with the same language posted on WA's blog that was apparently emailed to me on December 26th (I missed it or it ended up in spam). It took holding for a MP rep for about 6 minutes, and then another 25 on the phone to get my account unlocked. The phone rep verified my life story (not really, just name, address, phone number, email address and PIN) and then put me on hold to speak with a supervisor to have the account unlocked. After that they walked me through changing the password, PIN and security question.

    I haven't been flying UA so I didn't notice before today, but still wanted to preserve my miles :) I'm guessing all regular UA flyers have already addressed this, but I figured I would post in case others are in a similar situation.

    Side notes:
    1. You all probably know this, but this is why they've disabled username/password login functionality.
    2. The letter was printed on really nice (heavy) paper. If they are looking to cut costs, I'd ditch this stuff in favor of cheap paper. :D
    3. There's a number in the lower right. Not sure if it is a sequence number, or just a form number. I'm 3428. If it is a sequence number, quite a few people got these letters.
     

Share This Page