Hackers infiltrate Hilton HHonors, drain points

Not content with lifting credit card information and disabling websites, hackers recently targeted the Hilton HHonors reward program, draining some accounts of their accumulated points.

According the The Register, Hilton responded to the hack by adding a CAPTCHA feature to its loyalty program site, designed to discourage automated programs accessing the site, which will also fight against programs designed to guess PIN codes. Beyond this, the company has yet to acknowledge the breach, though some customers reported being reimbursed their stolen credit.

Hilton's loyalty program has as many as 38 million members, 

FREE DAILY NEWSLETTER

Like this story? Subscribe to Operations!

Hospitality professionals turn to Operations as their go-to source for breaking news on guest rooms, food & beverage, hospitality trends, management, and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

Security expert Brian Krebs of Krebs On Security reported that the hackers were able to use over a quarter of a million points belonging to one customer before using his credit card to purchase more. 

Krebs was able to uncover a number of online forums where hotel loyalty points were on sale for a fraction of their worth. An allotment of points worth $1,200 in hotel reservations could be acquired for approximately $12. The points are valuable currency for hackers, as they can be redeemed for items at Hilton's shopping mall.

Breaches like this are becoming more common, and they shouldn't be surprising. In late September, a study released by Deloitte found that 75 percent of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution – but only 33 percent feel their accounts are secure enough. 

The study found that travel and hotel companies are asking for more personal data from customers than ever before, but are not matching these requests with equal security. The study also showed that any breach of loyalty data would have a significant impact on the brand involved, with 23 percent of survey respondents saying that, should a breach occur, they would be less likely to return to that company, while 15 percent said they felt "a lot less likely" to return.

Suggested Articles

Over the span of a few weeks, four hotels—three Marriott brands and a Cambria Hotel—have opened in the Phoenix area.

The appointees include Nicholas Remes, who now oversees three Marriott-branded hotels in Grand Rapids, Mich., for AHC+Hospitality.

Growing interest in the lodging sector from institutional investors looking for steady returns has spurred an increase in ground-rent deals.