There were quite a few issues with Club Carlson account breaches earlier in the year, which resulted in every member having to change their account password (read more here).
Now, Hilton HHonors members are facing similar issues where their accounts are emptied by thieves ordering electronics using the points.
There are quite a few examples on a FlyerTalk thread here about these issues.
Here’s a post by wildthing271 on FT:
Haven’t posted on here for a while…. but there is obviously a major hack going on judging by the number of folks on here just hacked…and add me to that list – this morning I had over 250000 points, I then got an email from the Hilton Hhonors Shopping Mall thanking me for my purchase….I checked my account and I only had 1000 points left…..someone had changed all the address and email preferences…but for good measure they must have noted my email address and are now spamming it…..
Michelle at the Diamond Desk was very sympathetic and helpful though! Be vigilant folks!
It is unclear whether someone has obtained Hilton HHonors account numbers and PINs, or whether this is just a brute-force attack trying random account number and PIN combinations.
To log in to Hilton HHonors you need either your account number or user name, and either your password or a four-digit PIN. You cannot disable the PIN option.
And here’s the issue with four-digit PINs:
Close to 11% of the 3.4 million four-digit PINs analyzed were just 1234. The top 20 PINs represented close to 27% of all the passwords used.
You can access this PIN article (quite an eye-opener) here.
This could be a brute-force attack, or someone may have breached Hilton’s IT (how often is the website down or inaccessible?). If you happen to have one of those easy passwords, now may be a good time to change it to something a bit more challenging.
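As an added example (not from the original post or from Hilton), here is one way a defender could spot the brute-force pattern described above in login logs: a source that tries a PIN on many different accounts while never exceeding a per-account attempt limit. The log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2000-01-01T09:00:01 203.0.113.7 acct=100001 method=pin result=fail
2000-01-01T09:00:02 203.0.113.7 acct=100002 method=pin result=fail
2000-01-01T09:00:03 203.0.113.7 acct=100003 method=pin result=fail
2000-01-01T09:00:04 203.0.113.7 acct=100004 method=pin result=ok
2000-01-01T09:00:05 203.0.113.7 acct=100005 method=pin result=fail
2000-01-01T09:00:06 203.0.113.7 acct=100006 method=pin result=fail
2000-01-01T09:01:10 198.51.100.20 acct=555123 method=pin result=fail
2000-01-01T09:01:25 198.51.100.20 acct=555123 method=pin result=fail
2000-01-01T09:01:40 198.51.100.20 acct=555123 method=pin result=ok
2000-01-01T09:02:00 192.0.2.44 acct=777001 method=password result=ok
"""

def parse_line(line):
    """Split one log line into (ip, account, method, result)."""
    _ts, ip, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ip, kv["acct"], kv["method"], kv["result"]

def find_pin_spraying(log_text, min_accounts=5, max_tries_per_account=3):
    """Flag sources that try PINs on many accounts while staying at or
    below a per-account attempt limit, so no single account locks out."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> account -> PIN attempts
    opened = defaultdict(set)                       # ip -> accounts opened by PIN
    for line in log_text.strip().splitlines():
        ip, acct, method, result = parse_line(line)
        if method != "pin":
            continue                                # only PIN logins are of interest
        tries[ip][acct] += 1
        if result == "ok":
            opened[ip].add(acct)
    flagged = {}
    for ip, per_acct in tries.items():
        wide = len(per_acct) >= min_accounts
        shallow = max(per_acct.values()) <= max_tries_per_account
        if wide and shallow:
            flagged[ip] = {"accounts_tried": len(per_acct),
                           "accounts_opened": sorted(opened[ip])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_pin_spraying(SAMPLE_LOG).items():
        print(ip, info)
```

The member who mistypes a PIN twice on one account is not flagged, while the source touching six accounts once each is, which is the case a per-account lockout alone does not catch.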