A LoyaltyLobby reader dropped me an email that is more of a comment that I question regarding Le Club AccorHotels account hack where the points from the account had been used.
You can access Acco’s web page for Silver, Gold & Platinum benefits here.
Here’s the email from the reader:
Would like to share about my unfortunate incident.
On 15 Jun, someone logged into my account, and emptied my points in exchange for vouchers. An email was sent to me but it ended up under the “Promotions” tab in my Gmail, and I didn’t take notice of it.
On 18 Jul, I wanted to check out if there are any promotions going on lately, and searched on my mail, that was how I found the email. I tried to log into my account to check if the vouchers have been used, but realised my account has been locked.
I emailed Accor but there was no replies, and I just called them.
So apparently, my account was locked when someone used the voucher to check in. The CSO on the line sent an automated email to me. I was asked to change my password using the “Forgot Password” function, and then reply them a copy of my identification, a confirmation that I did not exchange the points for vouchers, and a confirmation that I have changed my password. They will communicate with me via email.
This has never happened to me until lately on a few of my accounts (non-hotel related). However, most accounts will notify me of suspicious activities (eg: someone log in via IP address of another country), but Accor obviously do not have a solid security system to do this.
I suspect that hacker has gotten hold of the list of hacked LinkedIn email addresses with passwords, might be worthwhile to alert your readers.
I will update you when I have replies from Accor on this. Hopefully I get a refund of all the points!
This is a good reminder to have either unique email address on file with each airline and hotel loyalty program OR have variations of password.
There have been many instances as of late where hackers have emptied accounts especially with loyalty programs that allow converting points to certificates (Amazon) or allow using points to various type of merchandise (Apple products).
I am not sure what kind of checks these programs have in place. When someone orders merchandise or electronic gift cards with loyalty program points (always at a very bad valuations), they should have extra hoops to ensure that the transactions are legit.
Although loyalty programs are not legally required to redeposit the used points when their systems are not hacked, they have done so. I have no doubt that the reader in this case will eventually get the points back.