Remember when several bloggers posted in February about the Hilton HHonors offer of 1,000 free bonus points for changing your 4-digit PIN to a more secure password?
One Mile at a Time – 1,000 Free Points For Changing Your Hilton HHonors Password (Feb 19, 2015).
Loyalty Traveler – 1,000 points free for changing Hilton HHonors password Feb 19 to March 8, 2015 (Feb 19, 2015)
I was hanging out in Amsterdam at the time and my post ended with this sentence:
The website is undergoing maintenance at the moment and won’t let me update my pin to a new password.
Loyalty Traveler Feb 19, 2015
Hilton HHonors Password Change 1000 free points campaign exposed security flaws
Today I came across an article on the website Krebs on Security explaining the inside story on why Hilton probably shut down the password change campaign in February and relaunched the campaign last week for 1,000 HHonors bonus points when you change your HHonors PIN to a password by Wednesday, March 25, 2015.
Krebsonsecurity.com – Hilton Honors Flaw Exposed All Accounts (March 23, 2015)
Hospitality giant Hilton Hotels & Resorts recently started offering Hilton HHonors Awards members 1,000 free awards points to those who agreed to change their passwords for the online service prior to April 1, 2015, when the company said the change would become mandatory. Ironically, that same campaign led to the discovery of a simple yet powerful flaw in the site that let anyone hijack a Hilton Honors account just by knowing or guessing its valid 9-digit Hilton Honors account number.
KrebsonSecurity.com – Hilton HHonors Flaw Exposed All Accounts (March 23, 2015)
The article explains how IT security consultants found that once someone was logged into an HHonors account, they could hijack any other member’s account if they knew its HHonors account number.
It is a good read outside my field of knowledge on IT security, and it sort of explains why the HHonors PIN reset promotion for 1,000 free points went offline in February soon after it launched and resurfaced again last week in a new and improved version.
Loyalty Traveler – Is my time worth 1,000 points for Hilton HHonors Password Security? (March 16, 2015)