Disclosure: This article may contain compensated links. See our full disclosure here.
Recently, 240,000+ points were stolen from my Hilton Honors Account. Here’s what happened, how it turned out, and how you can (and should) protect your airline frequent flyer miles and hotel points.
My Hilton Honors points were stolen
Over a long weekend, Jim and I were hosting a dinner party for friends. While I was busy getting dinner on the table, someone else was apparently busy emptying my Hilton Honors account.
The timing could not have felt worse. Just as I was about to serve dinner to a houseful of guests, I happened to see an email notice pop up on my phone congratulating me for redeeming my Hilton Honors points at Amazon.com. The problem, of course, was that I had done no such thing.
My Hilton Honors points were stolen.
Someone had hacked my account and stolen 240,005 points, redeeming them for an Amazon purchase, allowing the hacker to buy $480.01 in merchandise.
I felt the rising sense of panic that comes from knowing someone has accessed your account, stolen from you, and violated your privacy. I immediately clicked on the link provided in the event of unauthorized account activity. Hilton’s automated response indicated that the fraud department would respond in 5-7 days.
That timeline did not match the sense of urgency I felt, so I called Hilton directly. (In addition to wanting to have my account secured, I did not want the thief to be successful and was hoping the fraud department would be able to put the kibosh on this “purchase” before Amazon shipped the items.)
I have to give credit to the agent who took my call. She was calm, efficient, and reassuring. She confirmed that she could see the transaction, temporarily suspended my account so the thief could not take my few remaining points or access my personal information, and assured me that my points would be reinstated.
After our brief but reassuring conversation, I was able to turn my attention back to our guests and enjoy the rest of our evening.
How was the theft of my points resolved?
On the first business day after the theft, I received an email from the Hilton Fraud Department letting me know that my points had been returned to my account. I had to create a new password then logged in and, sure enough, there they were! Kudos to Hilton for handling this quickly and professionally. [Full disclosure: I have Hilton’s top tier loyalty status (Diamond), thanks to the Hilton Honors American Express Aspire Card, but I don’t believe that had any impact on my treatment.]
How to protect your points from being stolen
If you have worked hard to build up a balance of hotel points or frequent flyer miles, I’m pretty sure you too would not want to see them disappear into the ether. Here are a few things you can do:
1. Monitor the email messages you receive from those companies.
In this case, I received the notice about my supposed purchase within minutes of the transaction happening and was able to take immediate action. I have no doubt the thief chose a holiday weekend knowing that Hilton’s fraud office would be closed and that the victim would probably not be paying attention.
2. Do not use the same password across multiple accounts.
It can be a pain to manage tons of passwords, but if you are using the same password across multiple accounts, when one is compromised, all are compromised.
3. Enable two-factor authentication on your accounts.
I do this for my banking but, to be honest, I didn’t realize I could do this on my Hilton and airline accounts. To add two-factor authentication, simply log into your Hilton account, go to “My Profile” and select “Personal Information”. There, under “Enhanced Security” you can add this extra layer of protection to your account.
Now, just in case your take-away from this story was “Cool, I didn’t know you could redeem Hilton points at Amazon.” Let me just say, “Don’t do it!” Not only was this theft, but it was also a TERRIBLE redemption!
The thief presumably got about $480 in merchandise, but for the same number of points you could have a five-night stay at the Hilton Waikiki Beach in Hawaii or the Rome Cavalieri Waldorf Astoria, for example.
Key takeaways
Secure and monitor your accounts and don’t make bad redemptions.
Have you ever had your points or miles stolen? How did it turn out?
Thank you for sharing your story and great tips! Sure glad it had a happy outcome! And congrats on your quick thinking!!!
Thank you! It was stressful, but all is well that ends well.
Kathy, good, fast thinking and good for Hilton for its rapid customer assistance. Catie
Thanks! Yes, I thought Hilton did a great job handling this. Kudos to them
Only diamond members get points refunded quickly. This is a scam done by Hilton to keep points valuations off their balance sheet. I contact FBI Internet crime center, CEO’s of Amazon and Hilton and am working with a class action attorney to handle this matter. This is a criminal act being dome by behalf of Hilton themselves and trying to blame Amazon or weak cyber security. They can easily block Amazon to prevent this from happening yet want it to continue for financial benefit at the expense of their consumers.
I don’t know who is culpable, but from my Internet research it does seem to be a fairly common occurrence indeed.
I also had similar experience with you. I registered an e-mail address which I don’t check often. At the day my points were redeemed, I got thousand of spam mails in there.
My HH application alerted me that my reservation is upcoming, so at that time I realized my points were stolen.
I called Customer Care and they restored my points, but I’m wondering how it happens.
I’m sorry that this happened to you as well. I’m glad to hear though that Hilton was able to restore your points. If you haven’t already done so, be sure to activate that two-factor authentication and update to a very secure password. Best of luck!