Properly, it lastly occurred — I fell sufferer to one among my loyalty program accounts being hacked, particularly my Southwest Speedy Rewards account. On Dec. 3, I obtained an electronic mail from Southwest at 9:30 p.m. EST confirming my resort reservation at Hampton Inn & Suites Kalamazoo-Oshtemo for a check-in date of Dec. 4 and a checkout date of Dec. 5.
The e-mail acknowledged that 17,100 Southwest factors have been deducted from my account to guide this resort. In line with TPG’s December 2024 valuations, that is about $240 in worth. Initially, I believed this is likely to be a phishing electronic mail rip-off attempting to coax me into clicking on the hyperlinks offered to steal data. Instantly, I logged into my Southwest account to verify if the factors had been deducted.
Sadly, sure, this hacker had used my hard-earned reward factors to guide a resort keep.
Listed here are the steps I took to get my factors again and how one can attempt to forestall hackers from stealing your factors and miles.
Associated: How one can shield your self in opposition to rewards program information breaches
What I did when my Southwest Speedy Rewards account was hacked
After realizing that somebody had accessed my Speedy Rewards account, I instantly modified my password to stop further factors from getting used. Subsequent, I referred to as Southwest to tell the airline that my account had been hacked and that my factors had been used fraudulently.
As a result of it was late at night time, the Southwest consultant knowledgeable me that this was a Speedy Rewards problem — she may solely help with flights and never resort reservations — so I would want to name the telephone line for the loyalty program within the morning when it reopened.
Nevertheless, the Southwest rep informed me to name the resort on to allow them to know that this reservation was made as a result of my account had been hacked. Although it might not assist me get my factors again instantly into my account, it was value leaving a paper path of the steps taken to indicate that this was fraud.
After I referred to as the resort instantly, the entrance desk worker was extraordinarily apologetic. Although she couldn’t cancel the reservation on her finish, she left an in depth notice for her supervisor to provide me a name within the morning so he may attempt to resolve the difficulty.
Every day Publication
Reward your inbox with the TPG Every day e-newsletter
Be a part of over 700,000 readers for breaking information, in-depth guides and unique offers from TPG’s specialists
Associated: How one can establish and forestall bank card fraud
Although nothing additional could possibly be achieved that night time to get my Southwest factors again, I spent the following few hours ensuring my loyalty program passwords have been up to date. Whereas some airways and resort packages have employed two-step authentication, others, similar to Southwest, haven’t but adopted swimsuit.
To offer myself peace of thoughts, I made a decision to alter all of my passwords to attempt to mitigate the chance of my different accounts being hacked and my rewards being stolen utilizing my data.
The following morning, I referred to as Southwest Speedy Rewards and gave the lady an in depth description of what had occurred, explaining that I had instantly contacted Southwest, knowledgeable the airline of the account hack, referred to as the resort and adjusted my account password. The rep informed me that she can be submitting a report and that somebody from Southwest would observe up with me through electronic mail concerning my factors. She famous a number of instances that it was a very good factor I had found the hack instantly, as some folks do not understand for months that they’ve rewards lacking from their account.
After I used to be achieved talking with the Southwest rep, the resort supervisor gave me a name to let me know that he had obtained the reserving notice and he can be canceling the reservation on his finish. As a result of this reservation was booked with factors by means of a 3rd occasion, he couldn’t give me again my rewards, however once more, it confirmed Southwest {that a} paper path was being left to assist my case.
Southwest did give me my factors again, however …
On Dec. 4, I obtained an electronic mail from a Southwest Speedy Rewards rep telling me that the airline takes “the safety of our members’ Speedy Rewards accounts severely, and we shield our members from fraudulent exercise by fortifying your information in opposition to a breach.” The e-mail states that Southwest “requires members to enter a password previous to accessing any of their account data,” they usually encourage the usage of a “robust password.”
The e-mail additionally cites Southwest’s phrases and circumstances, noting that the airline is “not chargeable for unauthorized entry to a member’s account and won’t exchange stolen factors or awards.”
Nevertheless, as a “gesture of goodwill and one-time exception,” Southwest determined to refund me the 17,100 factors.
Except for being a Speedy Rewards member, I additionally maintain the Southwest Speedy Rewards® Plus Credit score Card. I am undecided if this reality was taken into consideration when my case was being reviewed.
Whereas I’m grateful that Southwest returned my reward factors, I can not assist however acknowledge that we dwell in a digital age during which hackers and scammers work endlessly to entry folks’s private account data. Even large companies have fallen sufferer to those hacks. For Southwest to rely solely on one password and never a further step to authenticate the person appears a bit behind the instances.
We reached out to Southwest with my expertise, and a spokesperson despatched us the next assertion:
Southwest is dedicated to defending our Prospects’ accounts with complete cyber safety controls. We’ll proceed to reinforce our core know-how and have carried out a spread of proactive and responsive safety measures throughout our platforms.
It is value noting that Southwest is not alone right here, as a number of different airways — together with American and Frontier — haven’t got two-factor authentication choices for securing your loyalty account balances.
So, how am I attempting to guard my accounts within the wake of this hack?
Associated: Understanding 3D bank card safety and the way it may have an effect on your journeys to different nations
Steps to guard your loyalty accounts to safeguard your factors and miles
Although these further steps aren’t assured to guard your private data and loyalty accounts, they certain will not harm.
Change and replace your passwords
Whether or not you have been hacked or not, updating your password often is a good suggestion, particularly if you have not achieved so in a very long time. Moreover, be sure that to have totally different passwords for every of your accounts. If in case you have one password (or a really related one) for each account, hackers could simply entry all of them.
Arrange two-step authentication (when potential)
These days, many airline and resort loyalty packages supply two-step authentication to assist safe your account. This system will usually require a further code, which will probably be despatched through electronic mail, textual content or by means of an authentication app similar to Google Authenticator.
Get electronic mail and/or textual content alerts
Although nobody likes to be inundated with a bunch of emails and/or texts, it is a good suggestion to ensure your communication preferences are up to date. Most packages will contact you when a reserving is made, your factors and miles are used or even when your contact data/profile has been up to date. This may make it easier to establish fraud early — which might make it simpler to resolve.
As a result of Southwest instantly notified me about my reserving — and since I am somebody who regularly checks my emails on my telephone — I may contact the right events instantly, change my account password and resolve the difficulty.
Associated: My AAdvantage account was hacked: Here is what occurred and how one can shield your self
Backside line
A hacker lately redeemed greater than 17,000 of my Southwest Speedy Rewards factors, although I used to be capable of shortly take steps to get them again. Sadly, I’m not the primary — and will not be the final — factors and miles fanatic to fall sufferer to an account hack. Earlier this 12 months, TPG managing editor Clint Henderson had nearly 400,000 American Airways AAdvantage miles stolen from his account. Fortunately, he too bought them again.
However as fraudsters proceed to get extra intelligent of their hacking strategies, it is best to be diligent and pay shut consideration to your private accounts. Although Southwest refunded me my factors, in keeping with their phrases, this was not assured and alternative of stolen factors is seemingly solely authorized on a case-by-case foundation. Due to this fact, to make sure you do not utterly lose out in your hard-earned rewards, take further steps to safe your accounts.