Good afternoon everyone. A few weeks ago, Laura and I were driving to Lake Tahoe for vacation. During the drive, I started getting emails from the MileagePlus X app (the app where you can earn United Airlines miles for buying gift cards). The first confirmation email came in at 12:48pm for a $10 Apple eGC. Then over the next 5 minutes, I received 4 more confirmation emails for $500 Saks Fifth Avenue eGCs. Uhh oh, this was bad. Then I got an email from United Airlines that said:
Your MileagePlus account information has been updated – We wanted to let you know your MileagePlus account information has changed. For your security, we can’t specify exactly what was updated, but it may include your address, phone number, password or other details.
Oh boy, now the hacker had signed into my United Airlines account and changed my email or password. We exited the freeway and stopped at a gas station. We changed seats so Laura could drive the car and I could call United Airlines about my hacked account and US Bank to report the credit card fraud. This was the start of my journey to restore access to my accounts.
I decided to call US Bank first since I wanted to block any additional credit card charges on my US Bank Altitude Reserve Credit Card. This is my favorite credit card for travel purchases and ApplePay purchases and one of the few credit cards that I knew the last 4 digits of the card number. I didn’t want to learn a new 4 digit number (#firstworldproblems). Here are the 5 fraudulent purchases in my account.
I spoke to a very friendly rep at US Bank who helped me initiate a fraud claim (by disputing the 5 purchases from the United MileagePlus X app), block future transactions, and order a replacement credit card. The rep wanted me to confirm my home address to send the replacement credit card via UPS Next Day Air, but I told the rep we were going on vacation and asked if they could send the replacement credit card to our vacation rental home in Lake Tahoe. The rep said yes and I provided the Lake Tahoe address. The whole call took about 10 minutes and I let out a big sigh of relief at the end of the phone call.
After speaking with US Bank, I called United Airlines. I explained to the rep that my account was hacked and that I could no longer sign into my account. Since my cell phone number was still registered to my account, the rep was able to verify my identity that way. The rep said that United Airlines would need to temporarily close my account to complete the investigation and restore my account. I told the rep that I had 2 upcoming United Airlines flights the following week and asked if those reservations would be impacted by my temporarily closed account. The rep said no and I can confirm that I was able to access both reservations and check in fine using the “guest” feature on the United Airlines app. The rep said I would receive a letter in the mail when the investigation was completed with instructions on how to restore my access. That call lasted about 8 minutes and I let out another big sigh of relief.
Later that day, I received an email that my replacement credit card was ordered and shipped via UPS Next Day Air, with a link to view the tracking number. 2 days later on July 16, the replacement credit card showed up at the Lake Tahoe vacation rental home. I was very excited to activate the replacement credit card and add it to my ApplePay wallet.
A few days later, on July 18, I received 5 emails from US Bank regarding the 5 credits ($10 Apple and 4 x $500 Saks Fifth Avenue).
I logged into my US Bank account and confirmed that the 5 credits matched the name and amount of the 5 fraudulent transactions.
I received the letter from United Airlines in the mail on July 27 (dated July 22) with information about the investigation. The reason stated in the email is that United Airlines believes my Gmail account was compromised and that emails from United were automatically being forwarded to another email address. I checked my sent and trash folders around July 14 and didn’t see any emails from United Airlines. The letter advised me to use a different email address for my account and provided a security code to restore access.
The back of the letter had the phone number for the United MileagePlus Service Center (1-800-421-4655). I called the phone number, explained the situation and provided the security code. The rep then updated my email address on file so I could reset my password and security questions. The alarming thing about the letter is that it said: “If this is the first time your account has been compromised through an email filter/forwarder appended to your email account, MileagePlus will replace your miles, as a one-time courtesy.” It sounds like the next time this happens to my account, United Airlines will not be able to replace the miles in my account. That is a little concerning.
During the call, the rep sent me the password reset email and I was able to change the password for my account.
After that, the rep sent me an email to reset my security questions. I really hate these security questions and don’t remember if I selected new questions / answers, or not.
After that, I was able to sign into my account and checked my account activity. I saw all the United MileagePlus X transactions and then all the cancelled mileage activity. I then checked my profile and settings to ensure all the personal information on file was correct.
I still do not know how the hacker got into my United MileagePlus X account and United Airlines account since my password was securely created by LastPass. As far as I know, only LastPass, Google Chrome, and AwardWallet have my login details for United. I don’t believe AwardWallet is to blame since I have many more accounts with larger balances than United Airlines, but to be safe, I changed my AwardWallet password. If LastPass and Google Chrome are to blame, then I have many more things to worry about. I am hoping this is an isolated event and that the hacker does not go after my account again. If you have dealt with a similar situation, please share your experience in the comments section below. Have a great day everyone!
This is a warning that we, frequent flyers, should burn our miles. With much difficulty, I have burned all my Delta Skymiles except a little that could buy a domestic economy ticket. I have burned miles on another major carrier last year. Only 2 major airlines left need burning and small amounts from another carrier.
Burn, burn, burn.
I totally agree. In a perfect world, I would have less than 1,000 miles in an airline program and then transfer the necessary miles in from a transferable points program. Unfortunately, after having to cancel a few award tickets, I have some larger balances that I would like in a few airline programs.
My Hhonors account was hacked once during the Easter long weekend and the hackers converted the points into Amazon gift cards. It happened overnight so I called them first thing in the morning. They restored my points and issued me a new HHonors account with a new member since date.
About 3 yrs later my IHG account was breached and used to book a same-day stay in Dubai. I called in and they said the fraudulent guest had even checked-in!!! The points were also refunded.
I think Hilton and IHG had really weak online security standards a few years ago, so you were not alone with having those accounts hacked. I’m glad they were able to restore your points for both of those accounts.
LastPass was hacked in recent times, and I have read that it is no longer a safe haven.
This is from 21Sep2023 Kim Komando newsletter:
Still using LastPass? After all its privacy and security trouble in the past year, I’d say it’s time to jump ship. But if you’re sticking around, LastPass says all master passwords must now meet a 12-character minimum. The fact that passwords less than that were still allowed is kind of mind-boggling.
Hi Malmel, thank you for the heads up. I have used LastPass at home and at work for the last few years, and really like the app and technology. Is there a different password management tool you would recommend?