Skip to content
  • Airlines
  • Deals
  • Hotels
  • Places
  • Potpourri
    • Travel Research
  • Trip Reports
  • Airlines
  • Deals
  • Hotels
  • Places
  • Potpourri
    • Travel Research
  • Trip Reports
Hilton Honors loyalty program Hilton Hotels Worldwide hotel and travel deals 2015-Q2

Hilton HHonors Password Change 1000 free points campaign exposed security flaws

  • by Ric Garrido
  • March 23, 2015
  • 0 Comments
  • 379 Views
Facebook Twitter Reddit Print Share via Email

Remember when several bloggers posted in February about Hilton HHonors offer for 1,000 bonus points free for changing your 4-digit PIN to a more secure password?

One Mile at a Time – 1,000 Free Points For Changing Your Hilton HHonors Password (Feb 19, 2015).

Loyalty Traveler – 1,000 points free for changing Hilton HHonors password Feb 19 to March 8, 2015 (Feb 19, 2015)

I was hanging out in Amsterdam at the time and my post ended with this sentence:

The website is undergoing maintenance at the moment and won’t let me update my pin to a new password.

Loyalty Traveler Feb 19, 2015

Hilton HHonors Password Change 1000 free points campaign exposed security flaws

Today I came across an article on the website Krebs on Security explaining the inside story on why Hilton probably shut down the password change campaign in February and relaunched the campaign last week for 1,000 HHonors bonus points when you change your HHonors PIN to a password by Wednesday March 25, 2015.

Krebsonsecurity.com – Hilton Honors Flaw Exposed All Accounts (March 23, 2015)

Hospitality giant Hilton Hotels & Resorts recently started offering Hilton HHonors Awards members 1,000 free awards points to those who agreed to change their passwords for the online service prior to April 1, 2015, when the company said the change would become mandatory. Ironically, that same campaign led to the discovery of a simple yet powerful flaw in the site that let anyone hijack a Hilton Honors account just by knowing or guessing its valid 9-digit Hilton Honors account number.

KrebsonSecurity.com – Hilton HHonors Flaw Exposed All Accounts (March 23, 2015)

The article explains how IT security consultants found that once logged into an HHonors account, any other member’s account could be hijacked if you knew the HHonors account number.

A good read outside my field of knowledge on IT security and sort of explains why the HHonors PIN reset promotion for 1,000 free points went offline in February soon after it launched and resurfaced again last week in a new and improved version.

Loyalty Traveler – Is my time worth 1,000 points for Hilton HHonors Password Security? (March 16, 2015)

Tags:

free pointsHHonors bonus pointsHilton HHonorskrebsonsecurity.comloyalty program account security

Share This Post:

Facebook Twitter Reddit Print Share via Email

Airlines and Fare Deals

Hotels

Limited Time Deals

Places

Popular Posts

Top Ten U.S. Cities by Hotel Rooms

a building with many windows

Rich pretenders at The Thief Oslo, Ascend Hotel Collection

a collage of a hotel

Choice Ascend Hotel Collection – 10 hotel points deals in USA for Autumn 2023 stays

a white building with trees and a walkway

Best Western Rewards points redemption value analysis June 2023

a looking down at a building with white and black wooden slats

Hotel Review: Crowne Plaza Amsterdam South to the city center easily accessible by metro

  • About
  • Contact
  • Privacy Policy
© 2023 Loyalty Traveler - All Rights Reserved. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Loyalty Traveler with appropriate and specific directions to the original content.