FF Account just hacked and almost 300,000 points taken

[grussellt]

The stolen points aren't necessarily used for flights. One recent case included the use of David Jones vouchers.

 

[juddles]

Surname and Frequent Flyer number (which for Qantas is 2/3 of what you need to log in).

2/3 will get no access.

Has anyone here ever actually had their account hacked using a discarded boarding pass? I mean a confirmed hack using the boarding pass?

 

[JohnK]

The stolen points aren't necessarily used for flights. One recent case included the use of David Jones vouchers.

Understood. The latest report on AFF mentioned flights booked.

I want to know have any other members had their frequent flyer account hacked recently.
Mine has been deleted of points by unknowns using my points to book tickets.
I did not know this could happen to a FF account.

 

[Jeffrey O'Neill]

Just received a call from the QF Store. Seems someone has hacked my account and used up 150K of points on woolworths gift cards.

Seems they were on the ball so they're cancelling the transaction and crediting the points back.

Call me a bit paranoid, but I feel it's not a good system where I verbally give them my new PIN.

email password change too.

 

[drron]

Yes it is about time airlines upped the security for their loyalty programs.
I am following this thread over on FT where an AA account was hacked.OP still hasn't got access to their account over 3 weeks later.

 

[Jeffrey O'Neill]

Yes it is about time airlines upped the security for their loyalty programs.
I am following this thread over on FT where an AA account was hacked.OP still hasn't got access to their account over 3 weeks later.

Something like what Citibank have with the two factor auth via their mobile app would be good. I'm sure not that difficult to achieve. At least offer it as an option for people. Would be a good way for QF to get people to load their app on their phone. Maybe even offer some points for people to sign up for it.

That way any points redemptions would be much harder to achieve by a hacker.

In my case the hacker was a bit silly. If they'd maybe done just one card redemption it would likely have got through as I only check my account a couple of times a month.

 

[eastwest101]

Just received a call from the QF Store. Seems someone has hacked my account and used up 150K of points on woolworths gift cards.

Seems they were on the ball so they're cancelling the transaction and crediting the points back.

Call me a bit paranoid, but I feel it's not a good system where I verbally give them my new PIN.

email password change too.

Bad luck and sorry to hear about your experience - but this prompted me as a reminder that I should change my PIN as well - given that I have had to verbally provide the old pin over the phone a few times in the past. Its possible to change your pin online on the Qantas web site but still limited to 4 digit pin numbers...

 

[DeKa]

Bad luck and sorry to hear about your experience - but this prompted me as a reminder that I should change my PIN as well - given that I have had to verbally provide the old pin over the phone a few times in the past. Its possible to change your pin online on the Qantas web site but still limited to 4 digit pin numbers...

If you have any upgrade requests in make sure you call reservations and give them your new pin otherwise your upgrade will be rejected. It's in the QFF T&Cs.

 

[Sera]

If you have any upgrade requests in make sure you call reservations and give them your new pin otherwise your upgrade will be rejected. It's in the QFF T&Cs.

hi folks googled this thread because this has just happened to us. shocked to see such a long thread on it

in june a jb hi fi card was issued worth 15k points for $100 ( im a lowly bronze). qantas kindly refunded my account when i discovered the error in august. all i had to produce was a stat dec saying it wasnt me.
i asked them if they could track the voucher but they said that wasnt possible. I didnt ask the obvious question of where was it sent to.

today my husband logged in and discovered that

yesterday 3X WOOLWORTHS WISH EGIFT CARD - $250 ORDER POINTS ONLY

-

-

-112,200

today 5X WOOLWORTHS WISH EGIFT CARD - $250 ORDER POINTS ONLY

-

-

-187,000

were issued. that's almost 300k. and $2000

Qantas customer service quizzed him a bit about it but ended up asking for the same stat dec process to re-credit his account.
I cant believe that it is happening on this scale and qantas are so relaxed about it.

He has asked for points redemption to be blocked or limited to telephone transactions because we only have ever used them for flights. i dont know if that is possible.

to the quote above, we do have upgrade requests in place and have changed our pins, so do we need to notify QF of the changes???

evil thought- wondering if its employee fraud. but if it was why would they bother with my scummy account for $100....

 

[coles525]

In another topic maby, someone says to ring with your new pin, otherwise reward bookings will fail.

Edit: spelling.

 

[Buzzard]

What if Qantas waited say 24 or 48 hours before issuing gift cards?

You could be sent a confirmation email that you need to respond to, or just respond if the transaction is suspicious.
Several organisations I deal with send me an email or SMS informing me that something has occurred and that I should call if it is unauthorised.

Yes, I agree that Qantas need to do something to plug a security hole.

 

[Sera]

In another topic maby, someone says to ring with your new pin, otherwise reward bookings will fail.

Edit: spelling.

hi thanks for the tip. just rang and was told that any existing upgrade requsts in the system not affected by change in pin. maybe a change of policy? dunno

 

[ozbeachbabe]

If you have any upgrade requests in make sure you call reservations and give them your new pin otherwise your upgrade will be rejected. It's in the QFF T&Cs.

In another topic maby, someone says to ring with your new pin, otherwise reward bookings will fail.

Edit: spelling.

hi thanks for the tip. just rang and was told that any existing upgrade requsts in the system not affected by change in pin. maybe a change of policy? dunno

If the pin advised at the time you requested the upgrade differs from what your pin number is at the time the upgrade request is processed eg at T-60 hours, then your upgrade cannot be processed so will be denied.

 

[DeKa]

Clause 16.1.12 states you must advise changes in PIN for active upgrade requests.
https://www.qantas.com.au/fflyer/dyn/program/terms#jump15

 

[Buzzard]

hi thanks for the tip. just rang and was told that any existing upgrade requsts in the system not affected by change in pin. maybe a change of policy? dunno

Obviously whoever you spoke to hasn't got a clue.

 

[burmans]

Obviously whoever you spoke to hasn't got a clue.

I think that's in the T&C's too.

 

[Sera]

thanks all. will try again....

 

[rainbowgirl]

I'm guessing when these thefts happen, the email address for the targeted account is also changed. Qantas sends an email confirmation each time a gift card is ordered showing the address the reward was sent to. Has Qantas released this type of information to the owners of the affected accounts?

 

[Jeffrey O'Neill]

I'm guessing when these thefts happen, the email address for the targeted account is also changed. Qantas sends an email confirmation each time a gift card is ordered showing the address the reward was sent to. Has Qantas released this type of information to the owners of the affected accounts?

I'm not sure if they changed my email account or not

When I called through they asked me to change the email address. I changed it to my hotmail account

Then changed my gmail password as well. Not sure how they had access to gmail because I'm sure they send an email when you make a change. Suppose they could have deleted it.

2 factor auth is the easiest way to overcome these issues.

 

[Jeffrey O'Neill]

Can't complain with the way QF has handled tings.

Points already back in my account.