Qantas Frequent Flyer Account Hacked

[Nisho]

2FA has stopped my account from being hacked (Bronze member) just last week. I received 2 verification text messages on different days when I had not attempted to login.

I had the same thing happen to me about to months ago. Not sure how they got my PIN as I only use private secure wifi networks and private devices to login. In any case, I checked my phone one afternoon and I saw 6 verification texts sent to my mobile phone, none of which was prompted by me. So I subsequently changed my PIN and reviewed the information on my account to ensure the info is correct.

 

[froggerADL]

I received 2 verification text messages on different days when I had not attempted to login.

This was happening to me also and I figured out that it was being caused by Award Wallet when it is updating point balances. Woolies Everyday Rewards also sends the 2FA text messages due to Award Wallet updating.

 

[ALH]

Last Thursday evening my Qantas Frequent Flyer Account got hacked. I received an sms at 9 pm saying that my pin had been rest. I then received 3 other sms about 10-15 mins apart saying thank you for shopping on the Qantas Reward Shop and relevant reference numbers. Unfortunately the FF office and loyalty shop did not open until 7 am and 8 am respectively next day Friday. I promptly called the next morning at 7 am and after some process and resetting my pin number someone had purchased multiple digital gift cards draining my account to only 2900+ points. The lady at Frequent Flyer was very helpful and sympathized with my situation. I am also in the process of booking return flights from European Holiday for my wife and I using my points for Oct 2020. I needed to get a Stat Dec signed stating the information they required and that essentially it was not me that purchased the gift cards.

After speaking to FF Office I also had to call the Shopping Rewards Store stating the same issue. After going through that process I also had to send them a Stat Dec (with slightly different info i.e I ended up sending 2 Stat Decs). The person at the other end said that after some checking they said the digital cards went to my email address, which I relied saying no they did not. Anyway later that day on the Thursday FF Office called me back (the same lady) and said that Qantas has promptly returned my points to the full. She mentioned that as I was booking the return flights now, that they returned my points immediately. She did not know what had happened or if they could trace where the points went to.

Kudos to Qantas. Usually I bag them but I wanted to post this to say how good and quick they were.

Has anyone else had their account hacked?

Mine was hacked several years ago. Qantas were fantastic. First of all calling to see if I have bought digital gift cards. It was out of character (for my account) and quite a large volume.

Reset the PIN straight away and they returned them immediately. No stat dec required.

Not sure if @samh004 still remembers overhearing my new PIN. LOL.

 

[PineappleSkip]

This was happening to me also and I figured out that it was being caused by Award Wallet when it is updating point balances. Woolies Everyday Rewards also sends the 2FA text messages due to Award Wallet updating.

Ah yes, that would be me, and tripit pro too. 2 mysterious text messages, a month or so after I changed my Pin. Looked at my tripit account, and yes, it can’t update my QFF balance any more.

Cheers skip

 

[kevrosmith]

I received an SMS the other day advising my PIN had been reset. Unfortunately, I have my mobile registered against (a lot of) my family's accounts since July 2017 in preparation for 2FA (I didn't realise it was so long ago they started talking about it..!) The SMS doesn't indicate which account has been affected, so having checked everyone's account, I couldn't work out which one, if any, had been changed. I doubt there's any point me calling Qantas, as how do I get them to look up all the accounts with my mobile number registered against different accounts and get them to check which one potentially has recently had the PIN changed!?! I sent a few text to family members to check, but no one has been attempting to access their own account recently.

On another note, 2FA seems to be ad hoc for some accounts at the moment. Or is it based on the computer as well? My mum's account (bronze) has had 2FA since July 2017, but I generally never get 2FA for any of the other accounts, including mine. However, my brother received a 2FA request when he tried to log on the other day after I prompted him (I never get 2FA when I access his account), and then I randomly got a 2FA request for my own account... but only once.

 

[WorldView]

Hi

Last Thursday evening my Qantas Frequent Flyer Account got hacked. I received an sms at 9 pm saying that my pin had been rest. I then received 3 other sms about 10-15 mins apart saying thank you for shopping on the Qantas Reward Shop and relevant reference numbers. Unfortunately the FF office and loyalty shop did not open until 7 am and 8 am respectively next day Friday. I promptly called the next morning at 7 am and after some process and resetting my pin number someone had purchased multiple digital gift cards draining my account to only 2900+ points. The lady at Frequent Flyer was very helpful and sympathized with my situation. I am also in the process of booking return flights from European Holiday for my wife and I using my points for Oct 2020. I needed to get a Stat Dec signed stating the information they required and that essentially it was not me that purchased the gift cards.
After speaking to FF Office I also had to call the Shopping Rewards Store stating the same issue. After going through that process I also had to send them a Stat Dec (with slightly different info i.e I ended up sending 2 Stat Decs). The person at the other end said that after some checking they said the digital cards went to my email address, which I relied saying no they did not. Anyway later that day on the Thursday FF Office called me back (the same lady) and said that Qantas has promptly returned my points to the full. She mentioned that as I was booking the return flights now, that they returned my points immediately. She did not know what had happened or if they could trace where the points went to.

Kudos to Qantas. Usually I bag them but I wanted to post this to say how good and quick they were.

Has anyone else had their account hacked?

Last Thursday evening my Qantas Frequent Flyer Account got hacked. I received an sms at 9 pm saying that my pin had been rest. I then received 3 other sms about 10-15 mins apart saying thank you for shopping on the Qantas Reward Shop and relevant reference numbers. Unfortunately the FF office and loyalty shop did not open until 7 am and 8 am respectively next day Friday. I promptly called the next morning at 7 am and after some process and resetting my pin number someone had purchased multiple digital gift cards draining my account to only 2900+ points. The lady at Frequent Flyer was very helpful and sympathized with my situation. I am also in the process of booking return flights from European Holiday for my wife and I using my points for Oct 2020. I needed to get a Stat Dec signed stating the information they required and that essentially it was not me that purchased the gift cards.

After speaking to FF Office I also had to call the Shopping Rewards Store stating the same issue. After going through that process I also had to send them a Stat Dec (with slightly different info i.e I ended up sending 2 Stat Decs). The person at the other end said that after some checking they said the digital cards went to my email address, which I relied saying no they did not. Anyway later that day on the Thursday FF Office called me back (the same lady) and said that Qantas has promptly returned my points to the full. She mentioned that as I was booking the return flights now, that they returned my points immediately. She did not know what had happened or if they could trace where the points went to.

Kudos to Qantas. Usually I bag them but I wanted to post this to say how good and quick they were.

Has anyone else had their account hacked?

Hi Danielb56,

I had the exact same situation last Monday (16th Dec 19) only it was at 4am for the pin change sms and 4:13 for an sms re an e-voucher purchase worth 16,200 points. Security breach also resulted in a huge amount of newsletter e-mails the hacker has subscribed me to that has continued to this day despite having to individually unsubscribe as a first response. The hacker has resubscribed me to them since then. Now now its a possible setup for phising e-mails and bogus links so I'm just marking them as spam as part of my daily ritual.

Its great that the points were returned like your scenario Danielb56, but it has to be asked why this has happened to others years ago (see earlier threads). Qantas staff refuse to discuss the matter and its pretty clear that they don't have proper protection in place and perhaps don't want to spend the money to upgrade their systems. Even to the point of not being able to contact them when the breach first occurs as they only open at 7am unlike credit card services. It's probably easier to give FF members back their points and ignore the rest.

Feeling quite vulnerable now about my personal data and expecting some scam text message or phone calls to start rolling in soon as the hackers also have my phone number. History says your data is not safe with this company given the dates on the message threads on this forum. A major negative shift in brand loyalty and perceptions of Qantas - from this member at least.

 

[RooFlyer]

Welcome to AFF, @WorldView

 

[Julesmac]

I'm a lowly Bronze with zero points! and received the 2FA on Thursday

 

[Danielb56]

Hi


Hi Danielb56,

I had the exact same situation last Monday (16th Dec 19) only it was at 4am for the pin change sms and 4:13 for an sms re an e-voucher purchase worth 16,200 points. Security breach also resulted in a huge amount of newsletter e-mails the hacker has subscribed me to that has continued to this day despite having to individually unsubscribe as a first response. The hacker has resubscribed me to them since then. Now now its a possible setup for phising e-mails and bogus links so I'm just marking them as spam as part of my daily ritual.

Its great that the points were returned like your scenario Danielb56, but it has to be asked why this has happened to others years ago (see earlier threads). Qantas staff refuse to discuss the matter and its pretty clear that they don't have proper protection in place and perhaps don't want to spend the money to upgrade their systems. Even to the point of not being able to contact them when the breach first occurs as they only open at 7am unlike credit card services. It's probably easier to give FF members back their points and ignore the rest.

Feeling quite vulnerable now about my personal data and expecting some scam text message or phone calls to start rolling in soon as the hackers also have my phone number. History says your data is not safe with this company given the dates on the message threads on this forum. A major negative shift in brand loyalty and perceptions of Qantas - from this member at least.

Hi Worldview...it actually happened to me twice the 2nd was 2 weeks after the first event. Same procedure got my points back but this time I opened a new email address on gmail specifically for this purpose. Nothing has happened but the other day I tried to enter my FF account and someone had obviously tried entering as I was blocked out because they tried too many times without success. Obviously it was the same person but without success.

I have mentioned to Qantas about having a 2nd level of security not only to enter your account but also to transact on the account. Heard nothing. My wife the other day got an email from Qantas (I have not though) about being able to place a 2nd level security within your account...maybe they do listen...? But I agree Qantas on many levels has dropped their service. I have posted before saying the only reason I keep Qantas is because of their partners. I get much better quality and service from them...even upgrade without asking.

 

[Franky]

I'm a lowly Bronze with zero points! and received the 2FA on Thursday

Same here... Wife is WP and yet to hear from them.

 

[Walter_Plinge]

Recently I've been receiving 2FA SMSs at odd hours when I haven't been trying to logon, e.g., this morning at 6:00 AM when I'm barely out of bed. I have a few of these over the past month.

I checked my QFF account -- all is well - plus I changed my PIN.

I assume someone is trying to hack my account.

 

[Danielb56]

Recently I've been receiving 2FA SMSs at odd hours when I haven't been trying to logon, e.g., this morning at 6:00 AM when I'm barely out of bed. I have a few of these over the past month.

I checked my QFF account -- all is well - plus I changed my PIN.

I assume someone is trying to hack my account.

Do you have the 2nd level of 'security' asking you to either enter in your answers to secret questions or an sms to your phone?

 

[froggerADL]

Recently I've been receiving 2FA SMSs at odd hours when I haven't been trying to logon, e.g., this morning at 6:00 AM when I'm barely out of bed. I have a few of these over the past month.

I checked my QFF account -- all is well - plus I changed my PIN.

I assume someone is trying to hack my account.

Apps such as Award Wallet can cause this when they log on.

 

[moa999]

Highly likely to be Award Wallet or similar

 

[mandolino]

I get loads of those unsolicited verification SMS from Qantas. I just ignore them.

I never thought of Award Wallet but that could explain it.

 

[Walter_Plinge]

Highly likely to be Award Wallet or similar

I don't use Award Wallet.

 

[Ade]

Recently I've been receiving 2FA SMSs at odd hours when I haven't been trying to logon, e.g., this morning at 6:00 AM when I'm barely out of bed. I have a few of these over the past month.

I've got the same issue. I called up QFF and enquired. They mentioned that if I had been setting up my QFF account on a 3rd party website, say, Awards Wallet (or something similar, not sure of the name) then I could get these as the 3rd party will poll QFF profile to update the information on their file.

 

[Ade]

I've got the same issue. I called up QFF and enquired. They mentioned that if I had been setting up my QFF account on a 3rd party website, say, Awards Wallet (or something similar, not sure of the name) then I could get these as the 3rd party will poll QFF profile to update the information on their file.

Oopsie, just read all the posts on this forum and realised that @Walter_Plinge doesn't use Award Wallet

 

[Walter_Plinge]

They mentioned that if I had been setting up my QFF account on a 3rd party website, say, Awards Wallet (or something similar, not sure of the name) then I could get these as the 3rd party will poll QFF profile to update the information on their file.

I think you're on to something. I'm having Woolworths reward points automatically converted to Qantas points - and transfer occurred today.

 

[Ade]

I think you're on to something. I'm having Woolworths reward points automatically converted to Qantas points - and transfer occurred today.

May be that was what causing the triggers