Moderators: richierich, ua900, PanAm_DC10, hOMSaR

 
genybustrvlr
Topic Author
Posts: 105
Joined: Wed Jul 14, 2010 4:30 am

United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 5:42 am

These are my question... No source... No link... Don't freak out..

High Level Question: Was United.com hacked without disclosure to customers?

Facts:

1) Since late December / early January I cannot use my user id or e-mail to log in. I must use my MileagePlus # and password. (Which I find very annoying from a customer service perspective.) This is a change from past United.com functionality.
2) I e-mailed United multiple times and have asked Premier representatives to explain this change. Nobody will tell me why, if they even acknowledge the change.
3) Today, upon login to book a flight, I was asked to verify/update my account information (name, address, telephone number) and accept new terms and conditions. (which I obviously did not read because who has 45 minutes for that.)

I find this whole situation suspicious.

Why would United roll back account login to a 1990s standard that inconveniences customers without an absolute security need?

Why, shorty after the login restrictions do I now need to verify/update information that has been on file for quite some time?

What legal obligation does an airline have, if any, to disclose Cybersecurity breaches to customers? I work in the highly regulated finance industry and such a breach requires very explicit disclosure to customers.

Thanks for your replies...

Again, questions, no source don't go a.nuts and make me leave this site for years again.

[Edited 2015-03-19 22:55:36]
 
flynhi808
Posts: 137
Joined: Tue Apr 08, 2014 3:30 am

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 5:47 am

Quoting genybustrvlr (Thread starter):
a.nuts

      thats gotta be the best thing i've heard all week

Quoting genybustrvlr (Thread starter):
What legal obligation does an airline have, if any, to disclose Cybersecurity breaches to customers?

I would assume they would have to disclose it...
fly-n-HI-808
 
N104UA
Posts: 302
Joined: Sat Dec 08, 2007 11:27 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 6:29 am

Quoting genybustrvlr (Thread starter):
3) Today, upon login to book a flight, I was asked to verify/update my account information (name, address, telephone number) and accept new terms and conditions. (which I obviously did not read because who has 45 minutes for that.)

Companies update their TOS all of the time, I read this (took about 10 min) and there was nothing crazy in it that I could see.
"Learn the rules, so you know how to break them properly." -H.H. The Dalai Lama
 
AA737-823
Posts: 5524
Joined: Wed Mar 01, 2000 11:10 am

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 8:08 am

Yes, United/MileagePlus was hacked, along with the FF databases of several other US carriers.
But it was made public over a month ago.
Google is your friend.
 
ghifty
Posts: 906
Joined: Sun Jul 25, 2010 9:12 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 8:43 am

Quoting genybustrvlr (Thread starter):

Hmm, I wouldn't be too alarmed with this change.

Delta.com now forces you to use your SM# and password. Previously I would just use my Last Name and a 4 digit pin code. The change also required me to change my password and enter more variations of characters/numbers. L

Other sites like Gmail and Facebook are also requiring you to verify accounts with a phone #.. So, seems like a general tightening of web security.. A litte inconvenient because it's about as complicated for me to sign into banking accounts as it to access Facebook, but hey it seems like hackers are breaking in more often..
Fly Delta (Wid)Jets

Comments made here reflect only my personal opinions.
 
User avatar
cosyr
Posts: 1551
Joined: Thu Jul 26, 2012 3:23 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 12:33 pm

Quoting genybustrvlr (Thread starter):
3) Today, upon login to book a flight, I was asked to verify/update my account information (name, address, telephone number) and accept new terms and conditions. (which I obviously did not read because who has 45 minutes for that.)

They have asked me to do this once a year for the last several years. And everytime, it has failed to take me off that page after I click save or accept, or whatever it says. Annoying, but routine.
 
Rdh3e
Posts: 3634
Joined: Wed Mar 30, 2011 2:09 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 2:08 pm

Quoting flynhi808 (Reply 1):
I would assume they would have to disclose it...

I don't think there is any requirement but lots of places do for fear of it coming out by other means and embarrassing them.

Quoting AA737-823 (Reply 3):

Yes, United/MileagePlus was hacked, along with the FF databases of several other US carriers.
But it was made public over a month ago.
Google is your friend.
http://www.mainstreet.com/article/un...-loyalty-programs-have-been-hacked
 
rwsea
Posts: 2515
Joined: Sun Jan 30, 2005 2:23 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 2:49 pm

Quoting genybustrvlr (Thread starter):
1) Since late December / early January I cannot use my user id or e-mail to log in. I must use my MileagePlus # and password. (Which I find very annoying from a customer service perspective.) This is a change from past United.com functionality.

Many people use the same username and password for several websites. If someone is able to hack your username and password somewhere else, there exists the possibility they can log in to your profile on the UA website. UA had many issues with just that happening, and thus went back to a unique log in for their website to reduce such fraud.

Doesn't seem like something warranting this level of hysteria. Let your account get hacked and then try getting your miles back... and then tell us which is more annoying from a "customer service" perspective.
 
User avatar
airzim
Posts: 1490
Joined: Wed Jun 20, 2001 7:40 am

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 3:34 pm

It's also why they are moving away from e-mail addresses as a login name, which is easy to snag.

Once you get an e-mail address, it's easy to run a program that simulates 4 digit passwords until it gets a match. Because people tend to reuse passwords, once you've cracked one website, you've got access to tons of accounts.
 
User avatar
ua900
Moderator
Posts: 1621
Joined: Sun Feb 09, 2014 7:14 am

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 5:25 pm

Quoting genybustrvlr (Thread starter):
Why would United roll back account login to a 1990s standard that inconveniences customers without an absolute security need?

Why, shorty after the login restrictions do I now need to verify/update information that has been on file for quite some time?

They got hacked, hence the change. IIRC everyone affected got their miles back. So it seems like a security related precaution on their part to minimize reimbursements.

All, to the OPs second question, any reason why they would require verification of contact information as part of login? I get the TOS update acknowledgements, but Apple and others don't seem to require contact information to be validated as frequently it seems. It may be anecdotal, but I've run into this 3-4 times over the past 12 months or so.
2020: AMS | ATL | BRU | DAL | DEN | DFW | EWR | FRA | GUA | IAH | LAX | LIM | MCO | MUC | ORD | PTY | SAL | SCL | SFO | TPA | TXL
 
maxamuus
Posts: 256
Joined: Fri Feb 18, 2011 3:49 pm

RE: United Website - Questions - Don't Freak Out

Fri Mar 20, 2015 5:50 pm

Quoting airzim (Reply 8):
It's also why they are moving away from e-mail addresses as a login name, which is easy to snag.

Once you get an e-mail address, it's easy to run a program that simulates 4 digit passwords until it gets a match. Because people tend to reuse passwords, once you've cracked one website, you've got access to tons of accounts.

Which is EXACTLY what happened. The system wasn't hacked. Hackers obtained the email addresses from some other source and had pins as well. People tend to use the same pin on many different accounts so it was pretty easy to get into their accounts.

Who is online

Users browsing this forum: No registered users and 13 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos