FF Account just hacked and almost 300,000 points taken

Status
Not open for further replies.

I'm guessing when these thefts happen, the email address for the targeted account is also changed. Qantas sends an email confirmation each time a gift card is ordered showing the address the reward was sent to. Has Qantas released this type of information to the owners of the affected accounts?

Well in our two cases they did not. Just asked us to change pin and mother's maiden name. Which begs the question of how one is supposed to answer that security question because mothers cannot change their maiden names.
 
The mother's maiden name is a really easy bit of info to hack. It is recommended that you make up something totally improbable that is also like a password.

Well in our two cases they did not. Just asked us to change pin and mother's maiden name. Which begs the question of how one is supposed to answer that security question because mothers cannot change their maiden names.
 
Are these incidents inside jobs?

As mentioned by others Qantas need to get better with their security. I have used a new machine to log into GMail overseas and received an email to my backup email there was access to my account. Then I setup a new laptop at home the other day and received another email to my backup email there was access to my account.

If a Qantas account has had 4-5 unsuccessful attempts to login then they should at least send an email to inform.
 
Just discovered 150,000 points stolen from my QFF account. I use a strong unique password for most websites but QFF login is only 7 digit account number, last name and 4 digit pin. The email address had been updated to one I don't recognise and multiple transactions for Woolworths and David Jones vouchers. On hold to Qantas now to try and sort this out...
 
Just discovered 150,000 points stolen from my QFF account. I use a strong unique password for most websites but QFF login is only 7 digit account number, last name and 4 digit pin. The email address had been updated to one I don't recognise and multiple transactions for Woolworths and David Jones vouchers. On hold to Qantas now to try and sort this out...
Good luck. Let us know how you get on.
 
Sorry to hear of your recent FF points loss. A similar thing happened to Mr. s., but we got all the points back from Qantas.

Around 50000 points were taken from his account and spent on 6 iTunes vouchers. Qantas returned all the points and I immediately transferred them across to my account.

If I remember correctly, my husband’s contact phone number was changed but not his email address. Qantas was very proactive in tracking us down as they had tried the phone, luckily with no success. We thought that the Qantas email could be dodgy, so rang Qantas and confirmed that the points had been stolen. The points were returned very quickly.
 
How much are 150,000 QFF points worth?

I just tried to make an internet payment from one of my bank accounts and couldn't do it without entering an authentication code.
Seriously Qantas, there needs to be another level of authentication. Not perfect I know but better than what we currently have surely?
 

Good point Buzzard. Pretty ridiculous they don't use two factor authentication, especially when forcing people to use the weakest of weak passwords.
 
Just discovered 150,000 points stolen from my QFF account. I use a strong unique password for most websites but QFF login is only 7 digit account number, last name and 4 digit pin. The email address had been updated to one I don't recognise and multiple transactions for Woolworths and David Jones vouchers. On hold to Qantas now to try and sort this out...

Did you get an email to the “old” email address to advise of a change of email? If not that is a big security issue...
 
Good point Buzzard. Pretty ridiculous they don't use two factor authentication, especially when forcing people to use the weakest of weak passwords.

What are Qantas now, a bank?

That said, 4 digit PINs aren't ideal. What if they do one of those dealies like iPhones, i.e. 3 attempts, then it takes longer, and even longer, and eventually if you keep trying you'll just lock the account. At worst, that should mean a hacker will at best just cause an inconvenience to you by having you to call Qantas.

One thing is, as far as I know, Qantas Mall purchases can only be delivered to Australia or New Zealand. Whilst this country isn't small by any means, it should at least narrow down considerably where one should attempt to direct any investigation efforts. That said, if vouchers are delivered electronically, that puts to bed that idea.

On top of all of this, almost no - nay, absolutely no - law enforcement agency would appear to give two points next to a damn if you were to report such activity to them for investigation.
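
The escalating-delay lockout suggested in the post above, as an added Python example that is not part of the thread and not Qantas's implementation. The three free attempts and the owner notice at the fourth failure follow the thread; the 60-second doubling delay and the lock at eight failures are assumed values.

```python
from dataclasses import dataclass, field

FREE_ATTEMPTS = 3    # failures before delays start (the "3 attempts" in the post)
NOTIFY_AFTER = 4     # failures before emailing the owner (thread suggests 4-5)
LOCK_AFTER = 8       # assumed: failures before the account is locked
BASE_DELAY = 60.0    # assumed: first delay in seconds, doubled on each further failure
PIN_SPACE = 10 ** 4  # number of possible 4-digit PINs


@dataclass
class LoginThrottle:
    failures: int = 0
    next_allowed: float = 0.0
    locked: bool = False
    notices: list = field(default_factory=list)  # stands in for emails to the owner

    def attempt(self, pin_ok: bool, now: float) -> str:
        if self.locked:
            return "locked"                # only a call to support can unlock
        if now < self.next_allowed:
            return "wait"                  # rejected before the PIN is even checked
        if pin_ok:
            self.failures, self.next_allowed = 0, 0.0
            return "ok"
        self.failures += 1
        if self.failures == NOTIFY_AFTER:
            self.notices.append("repeated failed logins")
        if self.failures >= LOCK_AFTER:
            self.locked = True
            self.notices.append("account locked")
            return "locked"
        over = self.failures - FREE_ATTEMPTS
        if over >= 0:                      # 60 s, 120 s, 240 s, ...
            self.next_allowed = now + BASE_DELAY * 2 ** over
        return "fail"


def wrong_guess_budget():
    """Feed only wrong PINs, retrying the instant each delay expires.

    Returns (PINs checked before lock, seconds elapsed, share of PIN space).
    """
    throttle, now, checked = LoginThrottle(), 0.0, 0
    while not throttle.locked:
        now = max(now, throttle.next_allowed)
        throttle.attempt(False, now)
        checked += 1
    return checked, now, checked / PIN_SPACE
```

With these assumed values, eight PINs out of 10,000 can be checked before the account locks, and the owner has a notice after the fourth failure. The cost is the one the post names: the real owner has to call to unlock.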
 
How much are 150,000 QFF points worth?

I just tried to make an internet payment from one of my bank accounts and couldn't do it without entering an authentication code.
Seriously Qantas, there needs to be another level of authentication. Not perfect I know but better than what we currently have surely?


Didn't you read the T&C? They have no value.
 
What are Qantas now, a bank?

On top of all of this, almost no - nay, absolutely no - law enforcement agency would appear to give two points next to a damn if you were to report such activity to them for investigation.
Not always the case. I had a series of amounts totalling about $200 charged to my bank account from the US. Went to local Police to get a reporting number for the Bank (actually no it was a Credit Union). The officer took all the details, passed them on here and to the US and got back to me with what had been done to try and identify the persons involved.
 
Re: FF Account just hacked and points taken

1) The issue of a 4-digit PIN does make it easier to force a hack but reading through from the start of a thread it sounds more like data leaks have occurred.

These can be ANYWHERE on the data chain.

For example Citibank lost 6 million cc accounts COMPLETE details (I think it was 6 million from memory). I was one of them.

The hack/leak was not from within Citibank itself but from a cc clearer in the US. For some reason they had that number of full account details (security questions, day of month statement due for payment etc) covering 8 different countries - one of which was Australia.

The cc account of mine that was 'visited' was one that we had never used, was an unsolicited card upgrade and was supposedly 'totally cancelled so no transactions can be initiated in future.'

With QFF - who knows how much has been outsourced and where to. For example: Accounts Payable for certain well known airlines may be run out of Indian third party processors... Not to say they do not have good security but all it takes is one bad employee (recall a certain phone company last year?).

2) Yes, you need to get your computer (and every device you use or open emails, look at online accounts with) checked. Use MULTIPLE programs to do so. What security program do you run on your smart phone? When was the last time you ran a full system scan with another program on your smart phone? These links give you a good idea...
Also available, a general smartphone security checklist (PDF).

3) NEVER instantly go and change every password - Why give every new password to the thief? Until you can be certain the device is REALLY secure - assume it is not. Phone calls are much safer, especially from a landline NOT a smartphone.

4) For security questions - LIE. Mother's maiden name - Frankenstein. City of birth - Stalingrad. First car - Rolls Royce. You get the idea. However make sure you only ever use the same answer for each question. With people's use of social media and thieves' use of Google etc - it does not take long to find info, or to buy it.


And if you are ever in a taxi - NEVER sit in the front seat and use the eftpos terminal, NEVER


Now did anyone, say out of interest, just click on one of the links provided in (2)?

Perhaps my AFF account has been hacked (without me knowing) and a very clever person/group has set a trap to get a few million more points....

Sometimes being paranoid is really being prudent.

Never cough U ME!
 