A LoyaltyLobby reader emailed me a question about IHG Rewards Club hack where his account was taken over and points used.
You can access IHG Rewards Club here.
Here’s the email from the reader:
Someone has hacked into my ihg and stole 254,000!! I didn’t even get an email to say they had redeemed it. I am just off the phone and they have opened a fraud case but do you know my “rights”.
These IHG Rewards Club account takeovers were very prevalent the other years before IHG instituted some measures (apparently you were able to try almost unlimited number on account number and PIN combinations on mobile version before kicked out) trying to prevent these happening.
The problem is that most of the PINs that members use are very easy to break:
Almost 11% of all the PINs that people choose is simple 1234. The 20 most common PINs per the table above (access the entire article here) represent almost 27% of all the PINs on the sample.
IHG Rewards Club will eventually return the points to the reader’s account after they have completed their “investigation”.
I don’t get it why IHG Rewards Club still hasn’t moved away from these simple 4 digit PINs that are very vulnerable for hacks? Members should make sure that their four digit PIN doesn’t happen to be any of the easy ones.
Let’s hope that IHG Rewards Club would make their member accounts more secure in due course (wouldn’t hold my breath anything happening soon).