Disclosure: This article may contain compensated links. See our full disclosure here.
Over Labor Day weekend, 240,000+ points were stolen from my Hilton Honors Account. Here’s what happened, how it turned out, and how you can (and should) protect your airline frequent flyer miles and hotel points.
My Hilton Honors points were stolen
On Labor Day weekend, Jim and I were hosting a dinner party for friends. While I was busy getting dinner on the table, someone else was apparently busy emptying my Hilton Honors account.
The timing could not have felt worse. Just as I was about to serve dinner to a houseful of guests, I happened to see an email notice pop up on my phone congratulating me for redeeming my Hilton Honors points at Amazon.com. The problem, of course, was that I had done no such thing.
Someone had hacked my account and stolen 240,005 points, redeeming them for an Amazon purchase, allowing the hacker to buy $480.01 in merchandise.
I felt the rising sense of panic that comes from knowing someone has accessed your account, stolen from you, and violated your privacy. I immediately clicked on the link provided in the event of unauthorized account activity. Hilton’s automated response indicated that the fraud department would respond in 5-7 days.
That timeline did not match the sense of urgency I felt, so I called Hilton directly. (In addition to wanting to have my account secured, I did not want the thief to be successful and was hoping the fraud department would be able to put the kibosh on this “purchase” before Amazon shipped the items.)
I have to give credit to the agent who took my call. She was calm, efficient, and reassuring. She confirmed that she could see the transaction, temporarily suspended my account so the thief could not take my few remaining points or access my personal information, and assured me that my points would be reinstated.
After our brief but reassuring conversation, I was able to turn my attention back to our guests and enjoy the rest of our evening.
How was the theft of my points resolved?
On the first business day after the theft, I received an email from the Hilton Fraud Department letting me know that my points had been returned to my account. I had to create a new password then logged in and, sure enough, there they were! Kudos to Hilton for handling this quickly and professionally. [Full disclosure: I have Hilton’s top tier loyalty status (Diamond), thanks to the Hilton Honors American Express Aspire Card, but I don’t believe that had any impact on my treatment.]
How to protect your points from being stolen
If you have worked hard to build up a balance of hotel points or frequent flyer miles, I’m pretty sure you too would not want to see them disappear into the ether. Here are a few things you can do:
1. Monitor the email messages you receive from those companies.
In this case, I received the notice about my supposed purchase within minutes of the transaction happening and was able to take immediate action. I have no doubt the thief chose a holiday weekend knowing that Hilton’s fraud office would be closed and that the victim would probably not be paying attention.
2. Do not use the same password across multiple accounts.
It can be a pain to manage tons of passwords, but if you are using the same password across multiple accounts, when one is compromised, all are compromised.
3. Enable two-factor authentication on your accounts.
I do this for my banking but, to be honest, I didn’t realize I could do this on my Hilton and airline accounts. To add two-factor authentication, simply log into your Hilton account, go to “My Profile” and select “Personal Information”. There, under “Enhanced Security” you can add this extra layer of protection to your account.
Now, just in case your take-away from this story was “Cool, I didn’t know you could redeem Hilton points at Amazon.” Let me just say, “Don’t do it!” Not only was this theft, but it was also a TERRIBLE redemption!
The thief presumably got about $480 in merchandise, but for the same number of points you could have a five-night stay at the Hilton Waikiki Beach in Hawaii or the Rome Cavalieri Waldorf Astoria, for example.
Secure and monitor your accounts and don’t make bad redemptions.
Have you ever had your points or miles stolen? How did it turn out?