Good morning everyone, I hope you had a great weekend. I am happy to report that I avoided a potentially very bad weekend because I found out that my IHG Rewards Club account was hacked on Friday! This is not the first time IHG accounts were hacked. Travel Codex covered a similar story where 2/3 of his IHG points were stolen from his account and IHG would not help him. I will show you how I found out that my IHG account was hacked and what I did next to protect my account. It all started on Friday afternoon around 2:30pm PT when I received these 2 emails from IHG. Wait a second… I didn’t cancel an IHG hotel reservation or update my email address. Uhh oh…
I spotted those 2 emails about 30 minutes later and immediately logged into my IHG account. All of my personal information was the same except the email address was changed on my account. I immediately changed the email address back and changed my 4 digit PIN to another 4 digit PIN.
I then looked at my account activity. The only recent activity was the IHG hotel reservation that was cancelled. I assume the hacker cancelled my points reservation so there would be more IHG points in my account for them to steal. Luckily, I had 2-3 other IHG reservations booked on points that they did not cancel.
Here are details of the cancelled IHG hotel stay.
After changing my email and PIN, I called IHG customer service to report that my account was hacked. The sad part was that the IHG rep did not sound surprised, alarmed, or apologetic. He told me that I should change my PIN (already done) and change my email. He mentioned that the hacker would only need to know my email and PIN. If I used the same email as before, the hacker would just need to guess my new PIN. Therefore, by changing my email address, the hacker would have to figure out my email and my new PIN. I told the rep I would change the email on my IHG account to a different email address. I then told him that the hacker cancelled my hotel reservation. The rep then offered to rebook my hotel reservation. I guess IHG cannot un-cancel a reservation, so they would need to make a new reservation. After telling the rep the hotel and travel dates, he rebooked my hotel reservation for me. I thanked him for his help and hung up.
In the span of 50 minutes, I had my IHG account hacked, reservation cancelled, email changed (by the hacker), email changed (by me), and a new hotel reservation (booked by the IHG rep).
This was a very scary incident and I am glad I caught this very quickly because I am sure my IHG points would be gone by now. If you have any questions, please let me know. Have a great day everyone!