QFF account hacked

Status
Not open for further replies.

tomo69

Member
Joined
Dec 18, 2012
Posts
260
Qantas
Bronze
Virgin
Platinum
My QFF account was hacked into last night and the slime bags used 42300 points of mine to purchase a $250 Woolies voucher.

Fortunately after a stat dec and other processes I'll be reimbursed my points, thanks Qantas.

It's amazing how much personal information is on my profile. Address and phone numbers aside, there are also saved credit card details. Not the whole card, but the last 4 digits and expiry plus my full name and the type of card.

My password had also been changed as well.

Maybe Qantas could send an email for confirmation of a password change?

A timely reminder to change passwords frequently.
 
That's terrible, leaves a very bad feeling I'm sure but glad Qantas sorted it out for you. Any suspicions on how it happened - do you destroy your boarding passes?

An email would be a good idea like Apple sends out when changing its passwords.

A timely reminder indeed. (To date you are still the only AFFer I have met in person...)
 
Sorry to hear.

Qantas needs to send an email to the registered email address that points have been used. AAdvantage does it. Can't be that difficult.
 
It's unfortunate that Qantas don't see the need to increase their website security. A four digit PIN simply doesn't cut it these days.
 
I'm pretty sure I did get an email last time I changed my Pin?

Sorry to hear of your issue, it's certainly concerning. Glad QF rectified it quickly. Hopefully they start thinking about further security updates soon.
 
Qantas does send out emails when the password changes - maybe when they hacked the account they changed the associated email? What Qantas does need to do is update the allowable passwords - 4 numbers is seriously insecure!
 
This is bad and I'm already worried about this. I saw someone a while back that had the same issue.
I noted that on QF's website the login page isn't under https if you go to qantas.com.au and use the login function on the top right. (Although it could be an iframe or something that is secured, but I have no idea.)
I always use the https://www.qantas.com.au/fflyer/dyn/program/welcome page to log in, which is under HTTPS.

Agreed a reset email would be good. But this assumes the hackers haven't changed your email address first.
 
The worst crime committed here was the serious misuse of points. Seriously, 42300 points for a $250 Woolies eCard! What on earth are they thinking?
 
Mrs GPH had her account hacked. However it was QF who brought it to her attention. They noticed a flurry of points for toaster purchases. Called her straight away and wondered why her usual pattern of flights only had suddenly changed. The hackers changed her contact details and password as well.
QF were very good and acted swiftly to restore said points and fingers crossed we are safe again.
 
Getting hacked can also come down to how you authenticate when you call up.
Pretty sure they ask for your PIN. If you're in a public place anyone could listen to you. I remember calling a few times on the train heading to the airport.
But not sure what other way to authenticate that wouldn't require personal information to be given.

I used to have my FF number on my bag tags rather than my mobile, thinking that if I lose my bag QF can look me up and find my number, but I changed that after reading posts about accounts getting hacked.
 
I noted that on QF's website the login page isn't under https if you go to qantas.com.au and use the login function on the top right. (Although it could be an iframe or something that is secured, but I have no idea.)

I had a look at this in Chrome; the form is posted via client-side javascript to an https URL, so I think it's ok.
 
Qantas does send out emails when the password changes - maybe when they hacked the account they changed the associated email? What Qantas does need to do is update the allowable passwords - 4 numbers is seriously insecure!

The four digit PIN is one of the main issues. The PIN I use for QFF is unique, as in I don't use it for any other PIN-based account. So even if I change it regularly I am not sure it would increase my security.

This is a significantly under-par arrangement as it stands, and QFF already have better security on the Cashcard facility where you can have a decent strength password. Of course I hear you say, that facility is probably provided by the financial institution behind the card ....
 
Did anyone whose account was hacked recently open up an email (even from a reputable company or known person) with a blank word doc?
 
Timely reminder! After reading this I decided to update my PIN and I did indeed get an email confirmation.

Qantas really do need to change to much higher strength passwords at least.
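
An added example (not written by any poster and not Qantas code) of the point raised in the thread that a password-change email does not help once the intruder has changed the contact address first: security alerts also go to the previous address for a hold window. The 14-day window, the function names and the addresses are assumptions; the event sequence is constructed from the first post.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD = timedelta(days=14)  # assumed window in which the old address still gets alerts

@dataclass
class Account:
    email: str
    previous_email: Optional[str] = None
    email_changed_at: Optional[datetime] = None
    outbox: list = field(default_factory=list)  # (recipient, message) pairs, no real mail

def recipients(acct, now, hardened):
    """Addresses that must receive a security alert at time `now`."""
    to = [acct.email]
    recent = acct.email_changed_at is not None and now - acct.email_changed_at <= HOLD
    if hardened and acct.previous_email and recent:
        to.append(acct.previous_email)  # the owner's address before the change
    return to

def notify(acct, now, message, hardened):
    for addr in recipients(acct, now, hardened):
        acct.outbox.append((addr, message))

def change_email(acct, new_email, now, hardened):
    acct.previous_email, acct.email = acct.email, new_email
    acct.email_changed_at = now
    notify(acct, now, f"Contact email changed to {new_email}", hardened)

def change_pin(acct, now, hardened):
    notify(acct, now, "PIN changed", hardened)

def redeem_points(acct, points, item, now, hardened):
    notify(acct, now, f"{points} points redeemed for {item}", hardened)

def replay_takeover(hardened):
    """Constructed event sequence modelled on the thread; returns alerts the owner sees."""
    owner = "owner@example.com"               # constructed address
    acct = Account(email=owner)
    t0 = datetime(2024, 1, 1, 23, 0)          # constructed timestamp
    change_email(acct, "intruder@example.net", t0, hardened)
    change_pin(acct, t0 + timedelta(minutes=1), hardened)
    redeem_points(acct, 42300, "$250 voucher", t0 + timedelta(minutes=5), hardened)
    return [msg for addr, msg in acct.outbox if addr == owner]
```

With `hardened=False` the owner's original address receives nothing after the email swap; with `hardened=True` it receives all three alerts.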
 