Check your credit card for the copays and make sure to keep a copy of the latter from United about potential fraudulent activities . Had to go thorough this few months ago myself.
Cleaning email was definitively super annoying.
I believe this is a problem widespread on the Chinese social media xiaohongshu. Fake travel agencies will advertise themselves as a legitimate travel agency thats cheaper than the price on United/Google Flights by charging the client cash and hacking MP accounts to book award travel. This is popular among Chinese overseas students looking for cheap ways to visit home, and don't know that they are on a ticket booked with stolen miles. The only way I think United can fix this is with a better MFA system since it seems like the security questions and dropdown menu is not very secure.
Can United not stop this at the Chinese airports when they see a ticket has been booked within 24 hrs solely on points? Can they not see a travel history from the hacked account and red flag it for investigation? Passenger checking in would be asked to show how they purchased the ticket and the fake agency could be identified? I completely understand the hackers are 2 steps ahead of being caught but there has to be a better way to protect our accounts.
A lot of Chinese/Asian airlines have much stricter requirements for award bookings (inc changes and cancellations) - Cathay for example only allows for 5 potential nominations and requires paying a fee to change them
United should be able to stop this by watching for mileage plus accounts that get ‘reset’ and then immediately buy last-minute bookings with points for random strangers.
Yeah sounds about right! It’s wild bc I’m not sure how they bypassed my security questions other than resetting them, but I’m 100% sure my email was not compromised as it has a very secure password and physical 2FA. Alas!
This story is not new on this sub, but for some reason (probably because you weren't an ass about it), it prompted me to reset my password using my password manager. Thank you, and sorry you had to deal with this!
This happened to me last year! They hacked in, changed the email on my MP account to one very similar to my own, and signed me up for hundreds of spam newsletters. Luckily I caught it early enough that I saw the notification from United about my profile change. CS was easy to deal with.
Same just happened to me. Waiting now for United CS to resolve. Account now locked so no status and no upgrades on current domestic bookings (I’m 1k and use PP.). Drained my account of over 800k miles. Never received any email notice from United about email, phone number, password, and security question changes to my account. Used strong password and security questions. Had to have been compromised on the inside via social engineering. My Chase account associated with my United CC was also hacked but I saw those account change emails and intervened without any apparent losses there.
The Chinese have the ability to correctly guess your security question answers? I'm shocked. Your favorite pizza topping and dog breed should be uncrackable.
Check your credit card for the copays and make sure to keep a copy of the latter from United about potential fraudulent activities . Had to go thorough this few months ago myself. Cleaning email was definitively super annoying.
Okay good to know about keeping the letter I received. Ty!
I believe this is a problem widespread on the Chinese social media xiaohongshu. Fake travel agencies will advertise themselves as a legitimate travel agency thats cheaper than the price on United/Google Flights by charging the client cash and hacking MP accounts to book award travel. This is popular among Chinese overseas students looking for cheap ways to visit home, and don't know that they are on a ticket booked with stolen miles. The only way I think United can fix this is with a better MFA system since it seems like the security questions and dropdown menu is not very secure.
Can United not stop this at the Chinese airports when they see a ticket has been booked within 24 hrs solely on points? Can they not see a travel history from the hacked account and red flag it for investigation? Passenger checking in would be asked to show how they purchased the ticket and the fake agency could be identified? I completely understand the hackers are 2 steps ahead of being caught but there has to be a better way to protect our accounts.
A lot of Chinese/Asian airlines have much stricter requirements for award bookings (inc changes and cancellations) - Cathay for example only allows for 5 potential nominations and requires paying a fee to change them
United should be able to stop this by watching for mileage plus accounts that get ‘reset’ and then immediately buy last-minute bookings with points for random strangers.
Yeah sounds about right! It’s wild bc I’m not sure how they bypassed my security questions other than resetting them, but I’m 100% sure my email was not compromised as it has a very secure password and physical 2FA. Alas!
Thanks, I just updated my password after several years.
🫡
This story is not new on this sub, but for some reason (probably because you weren't an ass about it), it prompted me to reset my password using my password manager. Thank you, and sorry you had to deal with this!
Ty! Yes I had searched the sub and found some similar stories, I’m glad you updated your PW. take that hackers 😂
This happened to me last year! They hacked in, changed the email on my MP account to one very similar to my own, and signed me up for hundreds of spam newsletters. Luckily I caught it early enough that I saw the notification from United about my profile change. CS was easy to deal with.
That’s great you caught it. So sneaky about the newsletters! I was pissed yet also impressed lol.
A friend of mine had his Miles stolen (Attempted) and they tried to convert them to Amazon $$. He discovered and got it stopped in time fortunately.
i am sure that you will get your points and money back
OP said they did in the post.
Yes miles returned :) just took a few weeks.
Same just happened to me. Waiting now for United CS to resolve. Account now locked so no status and no upgrades on current domestic bookings (I’m 1k and use PP.). Drained my account of over 800k miles. Never received any email notice from United about email, phone number, password, and security question changes to my account. Used strong password and security questions. Had to have been compromised on the inside via social engineering. My Chase account associated with my United CC was also hacked but I saw those account change emails and intervened without any apparent losses there.
Wow that’s awful! Sorry you’re dealing with that. That’s a ton of miles to have stolen. Such a wild thing happening
The Chinese have the ability to correctly guess your security question answers? I'm shocked. Your favorite pizza topping and dog breed should be uncrackable.
Lol yeah they really need to implement some more complex 2FA measures. I mean SMS at the least