If you have miles in the programs of American or United, this would be a good time to check your account balance and confirm that all your miles are intact.
In the past few weeks, hackers have used others’ usernames and passwords to access AAdvantage and MileagePlus accounts and fraudulently redeem miles for award travel. It’s unclear how the users’ credentials were obtained.
According to an Associated Press story, around 10,000 AAdvantage accounts were breached. For United, the numbers were much smaller, in the dozens.
American is currently in the process of advising affected AAdvantage members to change their account numbers and passwords. Per a discussion of the breach on FlyerTalk, American’s boilerplate email message reads as follows:
As the result of unauthorized access to your AAdvantage account, we are providing you with a new AAdvantage account number. We will contact you again shortly with additional details, but in the meantime we have taken this action to help protect the security of your account.
Please be sure to use AAdvantage account XYZABC for all of your mileage earning and redemption activity. If you earn miles through any of our partners or book your flights through a travel agency or corporate booking tool, we recommend you update your account number with them.
All transactions and balances from the compromised account are included in account XXXXXXX, and there is a balance of XXX,XXX miles available for award redemption.
To see additional account information, please login on AA.com with the new AAdvantage account number, and select Forgot/Need Password from the Login screen to create a new password. Do not use the same password that you used previously, and do not use the same password you use on other online sites. While you are logged into your account, we recommend you review your email and notification selections to ensure they are set properly.
Although both American and United have identified some of the affected accounts, and have promised to restore any missing miles, there may well be breaches that have gone undetected by the airlines themselves. Which is why it behooves all AAdvantage and MileagePlus members to check their accounts for any recent suspicious activity. And while they’re at it, it’s always a good idea to periodically change passwords. If Sony and the U.S. military’s Central Command can be hacked, you can be too.
Reader Reality Check
Were you affected by the data breach?
This article originally appeared on FrequentFlier.com.