2 airlines were targets of attempt to steal customers’ miles
DALLAS (AP) -- Thieves with stolen usernames and passwords have broken into customer accounts at American and United airlines and in some cases booked free trips.
The airlines say the incidents happened in late December. American began notifying affected customers by email on Monday, a spokeswoman said.
American spokeswoman Martha Thomas said that about 10,000 accounts were affected and some have been frozen while the airline and customer set up new accounts, starting with customers who have at least 100,000 miles. She said the airline isn't aware of anyone booking a free trip.
But at United, spokesman Luke Punzenberger said thieves booked trips or made mileage transactions on up to three dozen accounts.
Punzenberger said that United would restore miles to anyone who had them stolen. Thomas said that American would pay for a credit-watch service for one year for affected customers.
Both were quick to say that nobody hacked their systems - that thieves got usernames and passwords somewhere else and tried to use them to log into American's AAdvantage and United's MileagePlus, hoping that the login information would be the same. They said that other information such as entire credit-card numbers were not exposed.
The representatives said they did not know how thieves acquired the usernames and passwords, but cautioned against using the same information on multiple websites.
Punzenberger said that United has begun requiring customers to also enter their MileagePlus number when logging in.
Hilton Hotels recently began requiring members of its rewards program to click a link declaring that, "I am not a robot," then enter a numeral generated by the site to complete the login process.