There have been reports about IHG Rewards Club account hacks over the past few years. Previously, one could keep trying different PIN combinations over mobile until one would work. Now account is frozen after set number of failed attempts.
IHG Rewards Club has most recently blamed account security for the changes made for award redemption process for stays in Greater China (read more here).
You can access IHG Rewards Club here.
Few reader left comments and messages me that they had received an email from IHG Rewards Club / Ambassador program that not only contained their account number but the PIN as well.
One reader commented that he/she even had sent an email to the person running the Ambassador program about this (remember IHG emails are in the form of email@example.com) and never heard anything back. Not even thanking for pointing out this security lapse.
This really is bad and illustrates how lax IHG Rewards Club is with the member account information. Do they not have these properly scrambled, hashed and salted (not sure if I use correct terms)? What about possible credit card info that members have attached to their accounts? Let’s hope that they are not in plain text.
Most of the hotel chains have had issues with property POS machines infected with viruses that have captured the credit card info that guests and non-guests have used to pay at their outlets.
Let’s hope that IHG Rewards Club & Ambassador program would take the account security more seriously.