What Alaska Airlines Did When My Account Was Hacked - Live and Let's Fly
My dear readers, some links on this site pay us referral fees for sending business and sales. We value your time and money and will not waste it. For our complete advertising policy, click here. The content on this page is not provided by any companies mentioned, and has not been reviewed, approved or otherwise endorsed by these entities. Opinions expressed here are the author’s alone.

My Alaska Airlines Mileage Plan account was compromised, but when I contacted the airline to correct it, I was shocked by the response. 


If you are considering booking travel or signing up for a new credit card please click here. Both support LiveAndLetsFly.com.


If you haven’t followed us on Facebook or Instagram, add us today.

I’ve Been Saving Them For Years

Alaska Airlines’ Mileage Plan is an incredibly lucrative loyalty program for a few reasons. First, they partner for earning and redeeming with (11) carriers from a combination of Skyteam, Star Alliance, and independent carriers. That’s in addition to (soon) 15 oneworld Alliance members. Second, its redemption rates are below many peers.

While I could credit American flights (now) to Alaska Airlines that hasn’t always been the case,  and there are few opportunities to fly the carrier directly from Pittsburgh.

However, over the years I have accrued miles in the program and amassed enough to make a valuable redemption. It’s been around 5-6 years that I started accruing through various random partner flights that made sense to credit to the carrier and transactions. I have a need, a one-way from Europe to the United States that I would like to redeem in business class for three people and an infant. I found the space but then I noticed a problem.

Devastation

Rather than more than 171,000 Mileage Plan miles, my balance showed at just 1,627. My heart sank, I panicked. It was more than just the fact that I couldn’t make my redemption and lost out on thousands, perhaps nearly as much as $10,000 in value if I were to buy the one-way tickets in cash. It felt like someone had been in my home, had gone through my things, and left most of it as they found it, but took this one thing of value and importance.

alaska airlines mileage plan fraud hacked balance

There are a few quirks about Mileage Plan’s site and one of them is that recent activity doesn’t show anything as a default older than three months. To see more activity, one must select “Filters Applied” and even then, it categorizes earnings first by method (five choices) before a second section offers three, six, 12 and 24 months.

alaska airlines mileage plan fraud hacked redemptions

Selecting 24 months revealed that whoever compromised my account booked high end Qatar Airways flights beginning in May of last year. Another significant redemption was made in December. It’s absolutely true that I have not checked this account frequently enough to notice. It’s also true that while I have Award Wallet, I haven’t paid attention and haven’t checked that in some time.

Shame on me.

Something else to consider is that my password still worked. Whoever compromised my account didn’t change my password at all so logging in for my redemption, I was none the wiser and it didn’t set off any alarm bells.

Quick, But Incomplete Resolution

Mileage Plan’s service center for matters of this nature (800-654-5669) is open 7 AM – 7 PM – no time zone or days of the week provided in my communication with the airline. My call was answered by Yolanda and admittedly, she was excellent. One point of concern was that I couldn’t recall my prior address off the top of my head and I had to look it up, but she was fine with this as I had verified the rest of my information but from a social engineering aspect, it felt like my honest recollection issue should have flagged it further for her.

She asked me to send a copy of my ID (passport or driver’s license) to their email address for this purpose. I did so and she verified my information further.

Within ten minutes, all of the stolen miles had been returned to my account, my email address I sent my ID from was my new address and all was well with the world again. I also added a redemption PIN.

But it wasn’t. I gave it about ten minutes for the changes to take hold, the miles appeared in my balance and I needed to tighten up my security and change my password. I couldn’t quickly find a way to determine the email address, phone, or even physical address I have on file with Alaska. However, when I went to reset my password, there it was. The email address and phone number that the perpetrators had changed were still there and hadn’t been updated to my phone number (provided on the call) nor the email (I sent my ID from.)

alaska airlines mileage plan fraud hacker details

As such, I couldn’t change my password online, it would just alert the thieves that I was doing so. I had to again call in, authorize myself in, and have it changed over the phone.

By not changing it as agreed, I could have flagged that the miles had been replaced, that I was aware of the security issue and suggested to those that hacked, engineered, or otherwise compromised my account that they book something from the replacement miles right away.

Satisfied Customer

In the end, I am impressed by a few things. While Yolanda didn’t get the email and phone number updated as I had expected, she was really kind, helpful, and patient. And while Alaska Airlines might need to brush up some security protocols, they did the right thing in empowering agents to rectify problems like this without involving a manager, or extensive documentation process.

I remain concerned that I didn’t receive an email from Alaska saying that my details (email and phone number) had been changed initially. Those would have caused me to jump in and alert them of the compromise before any miles were redeemed in the first place and secure my account.

However, in the end, the miles were replaced by a friendly rep capable of solving my problem right away. It’s hard to get mad about that.

Conclusion

It could have been far worse. I could have faced a lengthy process to prove my identity. I had already thought about how Alaska could verify it wasn’t me from the IP address used to purchase the tickets, to unusual travel patterns; we could have looked at when the email address was changed in relation to the first redemption. It’s possible that Alaska would have viewed the transactions as too old to credit back and done nothing at all. But in the end, the airline spared me from any of that. The value from the program remains exceedingly valuable and if anything, it encouraged me to check my accounts more often, update my security, and probably double down on Alaska Airlines in the future. It’s easy to look like a great airline when everything is going right, but when there are challenges like this one, they made it easy to resolve and rose to the occasion.

What do you think? Have you had your account compromised? How was your experience? 

Article source: https://airlines.einnews.com/article/718643377/jJT2dwFPxOI8mwYY?ref=rss&ecode=vaZAu9rk30b8KC5H

Leave a Reply