QFF account hacked

[andye]

My fault, I seem to be picking up bad habits from AP

NSAs .....!

 

[ALH]

I had my QFF Account hacked 2 weeks ago. I did not receive an email to say my email address or Password had been changed, but I did receive a call to ask me if I had purchased 2 x $ 250 Myer cards and changed my email to a hotmail address; eg. "[email protected]". Qantas blocked the account immediately and I was able to phone back at a more convenient time to sort out a new password. I didn't need to sign a stat. dec. or anything to have the points returned to my account.

Qantas were insistent that my email account had been hacked in order to access my QFF Account. Not sure that is correct, or even how that works.

They said the alarm bells rang at their end, as I have never purchased Vouchers before.

It's a creepy feeling knowing that someone has seen my bookings and knows some of my movements for the next 12 months.

To the best of my knowledge, I haven't opened any spam or phishing emails or let anyone see my boarding pass. Mind you, how hard is it for someone to sneak a quick photo of a boarding pass lying on a table in a Qantas lounge? My guess is that you could try the 4 digit password twice a day without being locked out, until you finally hot the jackpot.

 

[Mr_Orange]

my guess is that you could try the 4 digit password twice a day without being locked out, until you finally hot the jackpot

That is potentially 500 days of trying PINs though.... seems unlikely that a hacker would be that persistent!

 

[ALH]

That is potentially 500 days of trying PINs though.... seems unlikely that a hacker would be that persistent!

I didn't do the calculations, but now you mention it, it does sound far fetched. Maybe there's a program which does it?

 

[Flying mermaid]

I didn't do the calculations, but now you mention it, it does sound far fetched. Maybe there's a program which does it?

Easy to have program do it, which is why some sites require you to interpret some characters and type them in as well. Not fool proof (or is that bot proof), but makes it a bit harder.

 

[ozbeachbabe]

It would be good if there was an option where you could remove the option to purchase gift vouchers or anything redeemable electronically from your frequent flyer account.

 

[sumthinfornuthin]

My QFF account was hacked into last night and the slime bags used 42300 points of mine to purchase a $250 woollies voucher.

Fortunately after a stat dec and other processes I'll be reimbursed my points, thanks Qantas.

It's amazing how much personal information is on my profile. Address and phone numbers aside, there are also saved credit card detail also. Not the whole card but the last 4 digits and expiry plus my full name and the type of card.

My password had also been changed as well.

Mane Qantas could sent an email for confirmation for a password change ??

A timely reminder to change passwords frequently.

Whoaa that's scarey......... my ihg account got hacked SAME DAY and 315,000 points is gone, my details have been changed and they have purchased an iPad being delivered to an address in Florida. see my post in IHG Rewards for more info.

Looking at the Net, this is apparently rampant.

 

[sumthinfornuthin]

With IHG is it not a case of selecting "My TravelProfiles", then "Billing Preferences" and finally "Delete Credit Card Information"?

Serious question because I see it as an option but wonder if you only have one card there it won't let you delete it...and I can't be bothered trying to find out and potentially having to re-enter my card again.

Enter dummy data !

 

[sumthinfornuthin]

With IHG is it not a case of selecting "My TravelProfiles", then "Billing Preferences" and finally "Delete Credit Card Information"?

Serious question because I see it as an option but wonder if you only have one card there it won't let you delete it...and I can't be bothered trying to find out and potentially having to re-enter my card again.

THANKYOU SINCERELY !!!!!!!!!!!!!!!!!!! My account WAS hacked on the 17th as well in IHG. I have now gone in and deleted my card details

 

[sumthinfornuthin]

I had my QFF Account hacked 2 weeks ago. I did not receive an email to say my email address or Password had been changed, but I did receive a call to ask me if I had purchased 2 x $ 250 Myer cards and changed my email to a hotmail address; eg. "[email protected]". Qantas blocked the account immediately and I was able to phone back at a more convenient time to sort out a new password. I didn't need to sign a stat. dec. or anything to have the points returned to my account.

Qantas were insistent that my email account had been hacked in order to access my QFF Account. Not sure that is correct, or even how that works.

They said the alarm bells rang at their end, as I have never purchased Vouchers before.

It's a creepy feeling knowing that someone has seen my bookings and knows some of my movements for the next 12 months.

To the best of my knowledge, I haven't opened any spam or phishing emails or let anyone see my boarding pass. Mind you, how hard is it for someone to sneak a quick photo of a boarding pass lying on a table in a Qantas lounge? My guess is that you could try the 4 digit password twice a day without being locked out, until you finally hot the jackpot.

Check if PROXY SERVER box has been ticked in Advanced in LAN SETTINGS in Connections in Tools in Internet explorer.......... Google Proxy server 127.0.0.1 to see what it does.

 

[RichardMEL]

IHG is also a 4 digit PIN thing.

I use different pins for both sites as it happens.

re people seeing the bookings and stuff.. I honestly think this lot are not interested in that. notice how mostly they redeem vouchers or buy stuff like ipads etc. this is concerete stuff. They can't get money out of seeing bookings, or even cancelling them (that's a different sort of malicious user who would do that sort of thing for the sake of it). I think most of them want the quick gain of the fraud and move on.

I agree QF should have a Captcha, as annoying as they are, or a much better or more secure password setup.

 

[blackcat20]

Reminds me of the case of that young lady with a winning Melbourne Cup ticket who put her winning ticket up on facebook, and some "friend" managed to scan the picture of the barcode in and take her winnings!!!

I mean stupid to do that, but geez.... and it was a real life "friend" she knew apparently. fair dinkum!

While it wasnt the brightest thing to do, most people would think their friends trustworthy enough not to be so mean.

Working as a PA, its funny how easy it is to get into a bosses QFF/VFF etc account....because their pin is almost always their birth date/year.

 

[RichardMEL]

While it wasnt the brightest thing to do, most people would think their friends trustworthy enough not to be so mean.

Working as a PA, its funny how easy it is to get into a bosses QFF/VFF etc account....because their pin is almost always their birth date/year.

Both examples of (potential) breach of trust - far different to a hacking or victim of phishing etc

but yes, it's amazing both in social media and around the office how much info can be obtained.. the stray printout, asking for flights the be booked, a boarding pass left behind or whatever

 

[AustraliaPoochie]

Discarded BP takes the cake.
Have seen them discarded in seat backs.
Also one time someone left their QF SG QCC in the ADL QP.

 

[opusman]

Also one time someone left their QF SG QCC in the ADL QP.

I want this line on a tshirt.

 

[eminere]

I want this line on a tshirt.

Discernible to but a few.

 

[Mal]

I am in Malta (not my home country - UK). As a test, I changed my QFF email address to a new one. Change accepted online. In the same session, I then changed my pin number.

Email was sent to my NEW address that my pin was changed. No notification that my email address was changed.

Sorry Qantas. Not good enough.

 

[ALH]

Check if PROXY SERVER box has been ticked in Advanced in LAN SETTINGS in Connections in Tools in Internet explorer.......... Google Proxy server 127.0.0.1 to see what it does.

Thanks. I checked. All good