Hackers infiltrate Hilton HHonors, drain points

Not content with lifting credit card information and disabling websites, hackers recently targeted the Hilton HHonors reward program, draining some accounts of their accumulated points.

According the The Register, Hilton responded to the hack by adding a CAPTCHA feature to its loyalty program site, designed to discourage automated programs accessing the site, which will also fight against programs designed to guess PIN codes. Beyond this, the company has yet to acknowledge the breach, though some customers reported being reimbursed their stolen credit.

Hilton's loyalty program has as many as 38 million members, 

Virtual Event

Hotel Optimization Part 3 | January 27, 2021

With 2020 behind us and widespread vaccine distribution on the horizon, the second half of the new year is looking up, but for Q1 (and most likely well into Q2) we’re very much still in the thick of what has undeniably been the lowest point of the pandemic. What can you be doing now to power through and set yourself up for a prosperous 2021 and beyond? Join us at Part 3 of Hotel Optimization – A Virtual Event on January 27 from 10am – 1:05pm ET for expert panels focused on getting you back to profitability.

Security expert Brian Krebs of Krebs On Security reported that the hackers were able to use over a quarter of a million points belonging to one customer before using his credit card to purchase more. 

Krebs was able to uncover a number of online forums where hotel loyalty points were on sale for a fraction of their worth. An allotment of points worth $1,200 in hotel reservations could be acquired for approximately $12. The points are valuable currency for hackers, as they can be redeemed for items at Hilton's shopping mall.

Breaches like this are becoming more common, and they shouldn't be surprising. In late September, a study released by Deloitte found that 75 percent of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution – but only 33 percent feel their accounts are secure enough. 

The study found that travel and hotel companies are asking for more personal data from customers than ever before, but are not matching these requests with equal security. The study also showed that any breach of loyalty data would have a significant impact on the brand involved, with 23 percent of survey respondents saying that, should a breach occur, they would be less likely to return to that company, while 15 percent said they felt "a lot less likely" to return.