Hackers infiltrate Hilton HHonors, drain points

Not content with lifting credit card information and disabling websites, hackers recently targeted the Hilton HHonors reward program, draining some accounts of their accumulated points.

According the The Register, Hilton responded to the hack by adding a CAPTCHA feature to its loyalty program site, designed to discourage automated programs accessing the site, which will also fight against programs designed to guess PIN codes. Beyond this, the company has yet to acknowledge the breach, though some customers reported being reimbursed their stolen credit.

Hilton's loyalty program has as many as 38 million members, 

Virtual Roundtable

Post COVID-19: The New Guest Experience

Join Hotel Management’s Elaine Simon for our latest roundtable—Post COVID-19: The New Guest Experience. The experts on the panel will share how to inspire guest confidence that hotels are safe and clean and how to win back guest business.

Security expert Brian Krebs of Krebs On Security reported that the hackers were able to use over a quarter of a million points belonging to one customer before using his credit card to purchase more. 

Krebs was able to uncover a number of online forums where hotel loyalty points were on sale for a fraction of their worth. An allotment of points worth $1,200 in hotel reservations could be acquired for approximately $12. The points are valuable currency for hackers, as they can be redeemed for items at Hilton's shopping mall.

Breaches like this are becoming more common, and they shouldn't be surprising. In late September, a study released by Deloitte found that 75 percent of frequent travelers expect their loyalty program data to be secured to at least the same standard as a financial institution – but only 33 percent feel their accounts are secure enough. 

The study found that travel and hotel companies are asking for more personal data from customers than ever before, but are not matching these requests with equal security. The study also showed that any breach of loyalty data would have a significant impact on the brand involved, with 23 percent of survey respondents saying that, should a breach occur, they would be less likely to return to that company, while 15 percent said they felt "a lot less likely" to return.

Suggested Articles

The company has seen resilient performance from its Holiday Inn brand family, in addition to signing almost 100 properties under the flags in H1 2020.

The report suggests the hotel industry has made “promising” weekly occupancy gains since the low point of the pandemic.

Former Director of Operations Kimberly O’Fallon has been promoted to help drive the company’s growth plans.