The attacks on airline loyalty program accounts in late December 2014 were broader than initially reported. American Airlines was also a target, along with United Airlines. The United Airlines news came out at the end of the month as the company notified users, locked down accounts and changed the login requirements on its website. American Airlines AAdvantage accounts were targeted in the same attacks but only acknowledged the issue earlier today.
American spokeswoman Martha Thomas said that about 10,000 accounts were affected and some have been frozen while the airline and customer set up new accounts, starting with customers who have at least 100,000 miles. She said the airline isn’t aware of anyone booking a free trip.
In that same AP story a United rep says “up to three dozen” accounts had illicit bookings made. The number of locked out accounts is much higher than that, however, based on other reports online.
Both companies maintain that their internal systems were not compromised and that the compromised usernames and passwords came from a 3rd party source, though that source has not been identified. It is also interesting how long the companies waited to inform consumers about the issues. United took a couple weeks before notifying anyone and American waited two more weeks after that to notify customers or lock down targeted accounts.
We talked a bit about the delayed notification and poor handling of the UA version in a recent Dots, Lines & Destinations podcast episode. And I’m betting we’ll talk about it again now that we know American is involved, too.
Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.