Hackers steal loyalty rewards points that can be worth thousands for travelers
By Kurtis Ming
Click here for updates on this story
SACRAMENTO, California (KCRA) — Hackers are increasingly targeting loyalty rewards points, leaving travelers struggling to recover stolen miles and rewards.
Linda Roth, a seasoned traveler, discovered nearly 200,000 of her American Airlines AAdvantage miles had been stolen from her account over a weekend.
“I was just crushed,” Roth said. “It’s a violation. It’s a theft. And I did shed a few tears. I did cry.”
The stolen miles were used by a hacker to buy gift cards. Roth says she faced challenges reaching American’s fraud department which is closed on weekends. She called back on a Monday.
“I was on hold for over an hour, and when I finally got to the fraud department, ‘there was nothing we can do. And our policy is that we cannot reinstate your miles,'” Roth said.
Clint Henderson, a representative from The Points Guy, shared a similar experience.
Two years ago, scammers drained his American Airlines account, using his miles to book rental cars in New York City.
“I was like, that definitely wasn’t me, and sure enough, my account had pretty much been drained,” Henderson said.
Henderson revealed that American Airlines valued his stolen 449,500 miles at $13,260.
“These things do have value,” he said.
Experts say hackers often scan the dark web for breached usernames and passwords, then use them to access accounts and siphon loyalty points. Roth noted that thieves exploit the fact that fraud departments are closed on weekends.
“They’ll steal your stuff on the weekend when there’s no way to report it,” she said.
Henderson criticized the limited hours of American’s fraud department.
“I don’t think in this day and age you can have your fraud department only open business hours Monday through Friday. I think that doesn’t work anymore,” he said.
American Airlines responded to KCRA 3, stating, “When we identify or are made aware of unauthorized activity in an AAdvantage account, we act quickly to secure the account and work directly with the customer to resolve the issue and help prevent similar incidents.” The airline recommends using strong, unique passwords and enabling multifactor authentication for email accounts.
Both Roth and Henderson admitted they had been using old passwords created before multifactor authentication was available.
American Airlines required them to file police reports, which they described as a hassle. However, after completing the process, the airline restored their stolen miles.
Roth, who plans to use her restored miles for a trip to Australia, said, “I’m a big traveler, Kurtis. I’ve been to all seven continents, but I haven’t been to Australia yet, so that was definitely on my list, and I know American flies there.”
American Airlines confirmed its fraud department operates Monday through Friday but emphasized that customer service agents are available 24/7 to lock accounts if fraud is reported.
Travelers are encouraged to log in to their loyalty accounts, update passwords, and enable multifactor authentication to protect their rewards points from hackers.
Please note: This story was provided to CNN Wire by an affiliate and does not contain original CNN reporting. This content carries a strict local market embargo. If you share the same market as the contributor of this article, you may not use it on any platform.