This is a follow-up to my discovery last week that someone redeemed over 200,000 points from three of my hotel loyalty program accounts in Club Carlson, Choice Privileges and IHG Rewards Club for New York hotel reward stays over a five day period. These were fraudulent hotel reward stays I discovered had happened as I started an 11 day trip in Europe at the beginning of April.
Loyalty Traveler Take: if I was scared before that my online security had been breached, I am now even more frightened at how easy it was to get information about my hotel loyalty program accounts over the phone.
This was an old school Phone Hack
I returned home to California last night and this morning I followed up on the travel hack of several of my hotel loyalty program accounts. My concern was this was a major online hack of my computer.
Turns out after my own investigation today that this appears to be an old school telephone hack with all hotel reservations made through hotel loyalty program phone call centers with my name on the reservation and a second name. The other name was the same for all reservations. The other name was the person who checked in and it was the same name used for all three different hotel loyalty account reward stay reservations at New York hotels. There was no issue with the person checking in at each of these New York hotel without me present for any of the three stays. One hotel even charged my credit card for incidental charges due to the credit card being on file in my hotel loyalty program account.
I did not get all the information I wanted out of hotel phone representatives I spoke with today, but I sure was amazed at the amount of information I did get without providing much personal identifying information about me, beyond what someone could learn about me from the phone book or a quick Google search or LinkedIn. I feel like I was able to hack myself over the phone.
One hotel loyalty program changed my hotel loyalty program account to a new account number and another program changed my phone number on my account today during my phone calls. Needless to say, I paid attention to how much information I was requested to provide before these changes were made to my accounts.
Believe me, if I was scared before that my online security had been breached, I am now even more frightened at how easy it was to get information about my accounts over the phone and make changes to my hotel loyalty account profiles without providing any kind of significant password protected information regarding my hotel loyalty program accounts.
I pretty much have come to the conclusion after my conversations with a few hotel and hotel loyalty program representatives that any of us with hotel loyalty program accounts can easily be hacked over the phone to pay for someone else’s hotel reward nights with our points.
I have opened up investigations with all three hotel loyalty programs and a credit card issuer. Having my points restored is not the big concern for me. I know that will happen.
My primary concern is how easy it is for someone to hack hotel loyalty program accounts with a phone call and take my points again. Or your points. And my concern is how to prevent that from happening.
I think this story is kind of a blockbuster revelation. I imagine this is a far bigger widespread problem for many hotel loyalty program members than I was ever aware existed.
How easy is it to steal hotel loyalty points from someone’s account?
Looks easy to me!
How much did this hotel suite cost?
Who cares? You hacked someone else’s points to pay for the free reward stay!