personal reflections

Real travel hacker wiping out my hotel loyalty points accounts for New York hotel stays

A real travel hacker has fraudulently booked reward nights all around New York City this week redeeming hotel points from several of my accounts. So far this has wiped out over 200,000 points on my account balances for Choice Privileges, IHG Rewards Club and Club Carlson. By the end of next week I may find I have no hotel points remaining in any of my hotel loyalty program accounts.

The reason I became aware of these transactions is Choice Privileges sent me an email March 30 with subject line: “Your USA TODAY e-Newspaper | Thanks for Checking in with Choice Privileges”.

A line in the email reads, “You are receiving this email because you are a current guest at a Choice Hotels property.”

Since I was at home and not at a Choice Hotel, I immediately called Choice Hotels to find out if they showed I was at a hotel somewhere. The Choice Hotels representative stated there were no reservations currently in my account.

Yesterday, I logged into my Choice Privileges account to see my points had been redeemed for two nights for a Choice Hotel in Brooklyn, NY. I was pissed off to see the New York hotel folio for the reward stay shows the room number I supposedly was staying in ‏on the same day I called Choice Hotels to find out if something fraudulent was happening with my account. My Choice Privileges account shows I was at the hotel in the middle of a two-night stay at the time I made the call to Choice Hotels four days ago.

Not just my Choice

To make matters worse, today I learned this is not an isolated hack of my Choice Privileges account. Hotel reward nights were booked at New York City hotels for Friday and Saturday nights this weekend using my IHG Rewards Club account points too. The reason I learned of those hacks was an email from IHG Rewards Club today stating 500 welcome amenity points were added to my account. I have not stayed at an IHG hotel since February.

That hack prompted me to check my other hotel accounts to find another reward stay Saturday night at Radisson Martinique on Broadway, New York for 105,000 points.

I wonder how much worse this will get?


  • Thomask April 4, 2016

    That be great if police can arrest the guy… Will the programs give your points back?

  • gregorygrady April 4, 2016

    Is this for real or is this a late April Fools Prank? If it’s for real, how do you think they got ahold of your info? The only thing I can think of is that your AwardWallet was somehow hacked. I have worried about that type of hack in the past. I hope you get your points back somehow, if it was probably any other blogger I’d have been happy about the hack and loss of their points, but you are one of the few good ones, sorry this happened to you.

  • Ric Garrido April 4, 2016

    I do not use award wallet. I do not know if my computer was hacked or if someone is simply sweet talking their way to my hotel loyalty account information over the phone?

    The information I received from one hotel is the reward reservation was made by phone with a note stating the second guest would arrive before me and let him check-in without me.

  • Michael April 4, 2016

    They have the hacker’s CC so hoed illy they can get him — unless he checked in w your CC too

  • […] Loyalty Traveler‘s hotel accounts have been hacked. Be careful out […]

  • Steve April 4, 2016

    Ask to be connected to the room.

  • wowwee April 4, 2016

    funny how you didnt get any email confirming your award bookings.

    you always get an email confirmation for stays, be it award or not.

    either it is a fake post or the hacker has access to your email account(s) too.

  • wowwee April 4, 2016

    which makes me wonder why do you not change your password(s) immediately.

  • VG April 4, 2016

    I know someone whose IHG Rewards credit card was recently hacked. Maybe that is how they got your information.

  • soren April 4, 2016

    My 1st thought was Award Wallet, but you don’t use it.
    I have always been a little nervous of storing credentials @ AW.

    The fact that this covers multiple accounts of different flavors, indicates its a personal computer breach. I use a VPN everywhere, even on my secured network, and run all kinds of industry protection.
    Let us know how this plays out.


  • P T April 4, 2016

    So very sorry. Every traveler’s nightmare, one of them anyway. It will be telling how each of the rewards program responds to this. This is a robbery, is it not? Can the police be involved? Presumably the hotels have video footage. This is disgusting.

  • Farnorthtrader April 4, 2016

    Contacting the hotels, checking video, checking credit card records will do little good. The bad guys won’t be staying there, they will have sold the room nights and innocent people will be staying who have no idea that they are part of a rip off. Hate to say it, but I really hope that you don’t end up with more of a hassle if one of the programs decides that you sold award nights.

  • IMH April 4, 2016

    Hope you’re able to clear this up without too much damage, Ric, and that you keep us posted so people can learn from your bad experience.

  • Blown away April 4, 2016

    Every hotel I’ve ever stayed at has asked for ID and possibly a credit card if it wasn’t already one file. Is it possible to checkin on points without showing some form of ID? Sounds more like a phishing scam than a proper hack.

  • Bill C April 4, 2016

    Moral of the story is have good passphrase protection and change it often.

  • Charlotte (TYR) April 4, 2016

    That’s just awful. I would be changing passwords on accounts along with security questions/answers ASAP. Sounds like some social engineering here- someone also knew enough about you to pretend to be you over the phone.

  • Big D April 5, 2016

    Curious about out come? You were in Europe often I wonder if you were hacked there?

  • Ric Garrido April 6, 2016

    Update – Choice Privileges contacted me and told me not to worry about having my points restored. The curious aspect of this for me is if the hacker has access to my accounts, then why not cancel my current award reservations to add more points to my account for booking New York hotel nights?

    As far as ID and credit cards, in Europe I have checked in several times at hotels on points stays and no credit card was required.

    I had three credit card fraud purchases in the past 18 months. A few months ago someone booked $10,000+ in Turkish Airlines tickets on one of my credit cards. I have never flown Turkish Airlines,

    That is one reason why I am not one of these people who hold 25 credit cards for manufactured spend.

  • […] is a follow-up to my discovery last week that someone redeemed over 200,000 points from three of my hotel loyalty program accounts in Club Carlson, Choice Privileges and IHG Rewards Club for New York hotel reward stays over a five […]

Comments are closed.