Hackers infiltrate Hilton HHonors, drain points

Not content with lifting credit card information and disabling websites, hackers recently targeted the Hilton HHonors reward program, draining some accounts of their accumulated points.

According the The Register, Hilton responded to the hack by adding a CAPTCHA feature to its loyalty program site, designed to discourage automated programs accessing the site, which will also fight against programs designed to guess PIN codes. Beyond this, the company has yet to acknowledge the breach, though some customers reported being reimbursed their stolen credit.

Hilton's loyalty program has as many as 38 million members, 


Like this story? Subscribe to Operations & Technology!

Hospitality professionals turn to Operations & Technology as their go-to source for breaking news on guestrooms, food & beverage, hospitality and technology trends, management and more. Sign up today to get news and updates delivered to your inbox daily and read on the go.

Security expert Brian Krebs of Krebs On Security reported that the hackers were able to use over a quarter of a million points belonging to one customer before using his credit card to purchase more. 

Krebs was able to uncover a number of online forums where hotel loyalty points were on sale for a fraction of their worth. An allotment of points worth $1,200 in hotel reservations could be acquired for approximately $12. The points are valuable currency for hackers, as they can be redeemed for items at Hilton's shopping mall.

Breaches like this are becoming more common, and they shouldn't be surprising. In late September, a study released by Deloitte found that 75 percent of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution – but only 33 percent feel their accounts are secure enough. 

The study found that travel and hotel companies are asking for more personal data from customers than ever before, but are not matching these requests with equal security. The study also showed that any breach of loyalty data would have a significant impact on the brand involved, with 23 percent of survey respondents saying that, should a breach occur, they would be less likely to return to that company, while 15 percent said they felt "a lot less likely" to return.

Suggested Articles

As of April 2, more than half of Accor’s branded hotels were closed worldwide, a portion the company said could grow to two-thirds in coming weeks.

The company's U.S. hotels also have begun offering free rooms to all medical professionals, including doctors, nurses and first responders.

The George and Calvary Court hotels in College Station, Texas, are feeding 30 local college students who are in need due to the COVID-19 pandemic.