Hackers plunder Hilton 'HHonors' rewards points, go on shopping spree

Millions of Hilton HHonors* rewards points are being stolen and sold online or traded in by scammers for gift cards and goods. Points appear to be stolen through brute force attacks. One user on a forum has released simple capture code alleged to have been used to breach accounts protected only with a four-digit PIN on the Hilton …

  1. thomas k.

    hmmm

    This should make an interesting topic of conversation at work for the next few days.

  2. Winkypop Silver badge
    Paris Hilton

    Hilton Honor

    Who knew she had any?

    1. Ken Y-N
      Joke

      As the old joke goes

      She HHoffered HHer HHonor, HHe HHonored HHer HHoffer, so all night long it was HHon HHer and HHoff HHer.

      1. Anonymous Coward
        Pint

        Re: As the old joke goes

        HHa HHa HHa*

        * Damn, you beat me to the punch, but I had to do it anyway.

  3. Elmer Phud Silver badge

    And what do points make?

    I know I have a Nectar card and a Clubcard but the points awarded are of such a low value that I don't really bother waving the card about much.

    I do occasionally check to see how many Nectar points I've got then laugh at what I can get for them.

    But it's good to see one of these 'points' companies being caught with their protection down -- I've often wondered how to get enough points for them to be of any use -- now I know.

  4. Anonymous Coward

    Not the first...

    Troy Hunt blogged a few years ago about the vulnerability of Tesco and their Clubcard points:

    http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html

    Not surprisingly, the inevitable happened this year and Tesco was hacked. Troy further blogged on how it might have happened:

    http://www.troyhunt.com/2014/02/the-tesco-hack-heres-how-it-probably.html

    Not really been Tesco's year, has it...

  5. hi_robb

    Hmm

    It would seem there's Honour among thieves..

  6. Robert Helpmann?? Silver badge
    Facepalm

    It Just HHurts

    The company has yet to acknowledged [STET] a breach, although customers claim it has reimbursed stolen credit to individuals reporting theft.

    Perhaps if they don't make eye contact, this will all go away. This program is supposed to entice customers to use their services. Instead, the way they have so far handled this should encourage them to look elsewhere. The way to deal with this should be more along the lines of 1) publicly admitting there was a problem, 2) explaining what has been and/or will be done to correct it, 3) restoring any points lost by customers before they ask, and 4) giving additional points to all of their customers to apologize for any inconvenience they may have experienced (AKA a bribe).

    For a customer loyalty program, they are doing an excellent job for their competitors.

  7. Randalfson

    Question

    Forgive my naivety, but I've always wondered, once an account has been hacked like this, what next?

    I mean, you've got someone else's points but surely you run a high risk of getting caught when you try and cash them out? I'm assuming it'll be you wanting that fancy hotel room for free, or you who will be wanting that high-value giftcard? Are there no verifications on names and/or addresses?

  8. Anonymous Coward

    SMS spam

    I've always wondered whether the Hilton customer DB had been pwned, ever since I received an SMS spam around 10 minutes after giving the front desk my work mobile number. I hadn't had spam in the few years before that, and curiously never in the few years since.... Perhaps it was just a coincidence...

  9. Fuh Quit
    FAIL

    I'm so happy

    My Miles and More has a 5-number PIN foisted upon me. It surely must be more secure than my HH points right now.....
