My IHG account has been hijacked!
#1
Original Poster
Join Date: Jun 2001
Location: YUL-YQB-BTV
Programs: SPG-Marriott Titanium Elite
Posts: 4,348
Last Tuesday, I wanted to verify availability for a 5-night stay on points for an upcoming trip. Rooms were available, so when I tried to reserve the room, I got an error message to let me know I did not have enough points to make that reservation. I had a balance of about 165 000 points, so 5 nights at 25 000 points was not supposed to be a booking problem.
So I went to my account details to check the balance and much to my surprise, the day before, on Easter Monday, someone ordered 4 e-gift Amazon certificates using around 150 000 points in my account!!!
So I immediately called the service center to inquire about that disturbing news. I was told that from their end everything looked normal and the CSR even had the nerve to ask me if I did that transaction the day before and just don't remember it! Upon my clear NO answer, the CSR asked me again if I could have given my credentials to someone... my answer was clearer than the first No!!
She then told me that she would report this incident to the fraud dept and that someone should be calling me in 3 to 5 days.
I've just checked my account this morning, no change in it, and it has been 4 days so far.
How well did it end for those who went through the same kind of incident? Did you get your points back?
When will IHG implement a password that would require more than just 4 digits?
#2
Join Date: Nov 2015
Location: FL, USA
Programs: AA Plat, Hyatt Explorist, Hilton Diamond, IHG Plat, Marriot Gold
Posts: 1,669
#4
FlyerTalk Evangelist
Join Date: Feb 2002
Location: Montreux CH
Programs: FB Platinum, M&M FTL, BA Blue
Posts: 11,662
Well we know what their IT is like thanks to the promotions offered over the last couple of years. I actually never had any major problem but there were a LOT of complaints in this forum. Off to check my account now, haven't for a couple of weeks.
All seems to be in order, thankfully.
#6
Join Date: Apr 2004
Programs: BA Exec Blue, IHG Spire, HHonor Gold, Accor Platinum.
Posts: 966
I really had to push for Mrs B to get the points back.
IHG were in denial and wanted to blame her and deny everything.
Best bet is to contact the CEO directly - do not waste time with CS.
Shout loud and strong on Facebook about it.
You can try a PM to IHG Service or IHGSteve on here but don't expect an answer.
Last edited by blindman; Apr 4, 2016 at 9:59 am
#8
Join Date: May 2004
Location: SIN (LEJ once a year)
Programs: SQ, LH, BA, IHG Diamond AMB, HH Gold, SLH Indulged, Accor Gold, Hyatt Discoverist
Posts: 7,790
Fully agree that the main culprit that enables hackers to gain access to IHG accounts is the ridiculous 4-digit PIN. It should be mandatory 6 digits at least which is not that hard to implement as allowing proper alphanumeric passwords will be a bigger transition that their IT will surely manage to muck up.
#9
Join Date: Aug 2009
Location: UK
Programs: IHG
Posts: 1,316
I had exactly the same thing happen, but IHG managed to prevent completion of the points transaction by the "hijacker". They quarantined my account for a few weeks, while they "investigated".
I had to chase them until they eventually decided to set up a new account but at the same time they locked my old account with all of my points in. This was then only released a few months later once my IHG year had come round. Then they closed the temporary account and deposited the points I'd accrued since then into my "real" account.
It was a lot of hassle, and very time consuming, I'm afraid to say.
#10
Join Date: Nov 2015
Location: FL, USA
Programs: AA Plat, Hyatt Explorist, Hilton Diamond, IHG Plat, Marriot Gold
Posts: 1,669
#12
Join Date: Nov 2015
Location: FL, USA
Programs: AA Plat, Hyatt Explorist, Hilton Diamond, IHG Plat, Marriot Gold
Posts: 1,669
#13
FlyerTalk Evangelist
Join Date: Jan 2005
Location: home = LAX
Posts: 25,947
Best Western has a true alpha password (though allows a "weak" one), yet still added a Captcha about a year ago. (For me, at least, the BW Captcha is nothing more than "click here to verify you're not a robot". I.e., I don't generally get images to pick at BW, at least as long as I use my regular home & work computers.)
So what I don't understand is why IHG doesn't at least add a Captcha until they come up with a replacement for the 4-digit PIN.
#14
Original Poster
Join Date: Jun 2001
Location: YUL-YQB-BTV
Programs: SPG-Marriott Titanium Elite
Posts: 4,348
Sorry for the long silence!
I finally got my problem resolved and all my points were put back into a new account and my old account was deleted. During the experience, I found out that complaining directly on the IHG Facebook page was a far better approach than calling the CSR. Less than 15 minutes after my FB comment, I was in touch with a rep, on the phone, that took the situation in hand and everything was resolved within 60 minutes!
So I guess the lesson here is not to call Customer Service, but to actually use the IHG FB page. They are by far better and more responsive!!
When I asked about the fraudster, I was told that they would not comment on that... Weird response, but I'm happy with the results!!
#15
Join Date: Apr 2004
Programs: BA Exec Blue, IHG Spire, HHonor Gold, Accor Platinum.
Posts: 966
Thread the last time this happened
IHG know they have a fraud problem, they just do not admit to it.