We have seen half a dozen reports in the past few days about Hilton Honors breaches with drained accounts.
Honors has had issues with account safety for years, and we have covered this topic numerous times (see the articles below).
Here’s a message from a reader:
Well, Hilton allowed my account to be hacked and lost 300k points yesterday, and my account is suspended for the next two weeks. What are the Marriott promotions?
What usually happens:
1. The account is linked with Amazon, and points are drained for purchases
2. Most recently, fraudsters have used points towards Alamo car rentals
3. Sometimes your existing award reservation may be canceled, and those points used too
4. You may realize that your account is hacked when the account email is changed (you get a notification)
Note that Honors has always fixed these issues in the end. It can, however, take a few weeks, and you don’t have access to your account during that time frame.
We received a statement from a Hilton spokesperson:
We have 106 million members, and at any one time there are individual examples of password reset challenges or, unfortunately, email accounts having been compromised. I have checked with our Hilton Honors team and can reject any suggestion that there has been a breach of our systems or any widespread concern.
I would also appreciate you encouraging the individuals with concerns to contact Hilton for support. As always, if a Member has noticed suspicious activity on their account, we would like them to contact us immediately at 1-800-548-8690 or http://hiltonhonors3.hilton.com/en/support/index.html. We will investigate and in a situation where a member is missing Points, they will be made whole.
Additionally, Hilton Honors Points are valuable, so we encourage our members to protect their account information the same way they would an email or bank account. That includes reviewing account transactions on a regular basis, enrolling in adaptive authentication/two-factor authentication and using strong passwords that are changed often. It’s also important that passwords are unique and not shared across different accounts. Finally, from an email standpoint, we also encourage members to take caution prior to opening emails and attachments including verifying the sender’s email address, and reporting any questionable emails prior to taking any action.
Here’s some of our previous coverage:
There have been occasional reports about Marriott and IHG account breaches, but not much recently.
Scammers are reselling the hotel bookings, Amazon merchandise, or car rental reservations, likely using online platforms. These fraudsters have been milking cash out of Hilton for years, and I am baffled that Honors has not been able to come up with a resolution.
It almost looks like someone at the contact center could be leaking information, or are Hilton’s systems so vulnerable that a bit of automation can crack accounts?
I wish that Hilton would come up with something more secure. They always make it right in the end, but what if you have stays coming up or need to redeem some points while your account access is being restored? Not good.