Qantas Frequent Flyer Account Hacked

Status
Not open for further replies.

Danielb56

Intern
Joined
Sep 3, 2015
Posts
89
Last Thursday evening my Qantas Frequent Flyer Account got hacked. I received an sms at 9 pm saying that my pin had been rest. I then received 3 other sms about 10-15 mins apart saying thank you for shopping on the Qantas Reward Shop and relevant reference numbers. Unfortunately the FF office and loyalty shop did not open until 7 am and 8 am respectively next day Friday. I promptly called the next morning at 7 am and after some process and resetting my pin number someone had purchased multiple digital gift cards draining my account to only 2900+ points. The lady at Frequent Flyer was very helpful and sympathized with my situation. I am also in the process of booking return flights from European Holiday for my wife and I using my points for Oct 2020. I needed to get a Stat Dec signed stating the information they required and that essentially it was not me that purchased the gift cards.

After speaking to FF Office I also had to call the Shopping Rewards Store stating the same issue. After going through that process I also had to send them a Stat Dec (with slightly different info i.e I ended up sending 2 Stat Decs). The person at the other end said that after some checking they said the digital cards went to my email address, which I relied saying no they did not. Anyway later that day on the Thursday FF Office called me back (the same lady) and said that Qantas has promptly returned my points to the full. She mentioned that as I was booking the return flights now, that they returned my points immediately. She did not know what had happened or if they could trace where the points went to.

Kudos to Qantas. Usually I bag them but I wanted to post this to say how good and quick they were.

Has anyone else had their account hacked?
 
Good outcome.

Yes I had my account hacked in China a few years ago. Points returned after a stat dec submitted. They were pretty good about it.
 
My Amex information was hacked in either the SPG or BA IT failures.They changed my email address by putting in a couple of full stops to get their concert tickets supplied.Obviously easy to do.
 
We haven't had posts about hacked accounts recently

One from a few years ago was from a phishing email - never ever follow any links in emails asking you to reset a password. Always go direct to the site.

Other common hack is from people using the same password on multiple sites. One site gets hacked, then they use it to gain access to other sites.

Best way is to use a password manager and totally random passwords. Second best way is to use part of the site name.
Eg. Instead of password123 use passqan123 or passrbo123 (advancing letters by 1)
 
We haven't had posts about hacked accounts recently

One from a few years ago was from a phishing email - never ever follow any links in emails asking you to reset a password. Always go direct to the site.

Other common hack is from people using the same password on multiple sites. One site gets hacked, then they use it to gain access to other sites.

Best way is to use a password manager and totally random passwords. Second best way is to use part of the site name.
Eg. Instead of password123 use passqan123 or passrbo123 (advancing letters by 1)
I never follow links or emails I don't know even if it came from someone I know....
 
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

What will eventually drag Qantas to modernise their QFF account login/authentication process? Only offering people a 4-digit PIN is negligent on the part of Qantas. Even with SMS 2FA. (insecure in itself and easily bypassed).

They need to give account holders at least the option to set long-complex passwords and offer 2FA through app-based services such as Google Authenticator etc.

When they expect people to be saving CC and other personal details in their QFF accounts, no to mention "cash" in the form of QFF points... we customers deserve modern account security measures to be enforced.
 
Last Thursday evening my Qantas Frequent Flyer Account got hacked. I received an sms at 9 pm saying that my pin had been rest. I then received 3 other sms about 10-15 mins apart saying thank you for shopping on the Qantas Reward Shop and relevant reference numbers. Unfortunately the FF office and loyalty shop did not open until 7 am and 8 am respectively next day Friday. I promptly called the next morning at 7 am and after some process and resetting my pin number someone had purchased multiple digital gift cards draining my account to only 2900+ points. The lady at Frequent Flyer was very helpful and sympathized with my situation. I am also in the process of booking return flights from European Holiday for my wife and I using my points for Oct 2020. I needed to get a Stat Dec signed stating the information they required and that essentially it was not me that purchased the gift cards.

After speaking to FF Office I also had to call the Shopping Rewards Store stating the same issue. After going through that process I also had to send them a Stat Dec (with slightly different info i.e I ended up sending 2 Stat Decs). The person at the other end said that after some checking they said the digital cards went to my email address, which I relied saying no they did not. Anyway later that day on the Thursday FF Office called me back (the same lady) and said that Qantas has promptly returned my points to the full. She mentioned that as I was booking the return flights now, that they returned my points immediately. She did not know what had happened or if they could trace where the points went to.

Kudos to Qantas. Usually I bag them but I wanted to post this to say how good and quick they were.

Has anyone else had their account hacked?
 
Last edited by a moderator:
My husband had his account hacked some time ago - it appeared to be from a Russian source, however, I was of the opinion that it was an inside job as business class tickets were purchased with points and we only discovered it when our statement came and our points had almost been depleted. Thankfully QANTAS restored them immediately we contacted them and they checked it out.
 
Hasn't been implemented to all people yet. Only Gold and above i think.
Both my wife and I are bronze and already have 2FA.

Do you need 2FA when you use the points, either through the store or flight?

I haven't used any points since 2FA is turned on.
 
2FA has stopped my account from being hacked (Bronze member) just last week. I received 2 verification text messages on different days when I had not attempted to login. After the 2nd one I contacted QF. Call was answered straight away and they stated they would pass it onto the fraud section. They stated I would hear back by phone or email but at this stage I have not heard back (that was 6 days ago). Not sure if they are waiting for another attempt so they can maybe track it.

However, I suspect that this came about because one week before this, my QF Premier Mastercard had 7 x fraudulent transactions totalling $1200 on it after spending a couple of weeks overseas in Singapore and Vietnam. So I suspect that someone skimmed my card whilst overseas and as the QF Premier card also has the FF number on it, then it would be easy for someone to try to hack the FF account. Is there really any benefit to have the FF number on a credit card? My QF AMEX Ultimate does not have the FF number on it.

Interestingly, I only used the Mastercard once when overseas and that was on a JQ flight (SIN - SGN) for beverages. Obviously I cannot confirm where it was skimmed, but my wallet is RFID safe.

All in all I am happy with the way the fraudulent activities on the credit card and FF account have been handled.
 
Status
Not open for further replies.

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Back
Top