Frequent Flyer

Hacked: Starwood Members’ Accounts

How to ensure the security of your loyalty points? Details here.

It’s not clear whether incidents of loyalty accounts being hacked are increasing in number, or whether they’re simply being more widely recognized and reported. What’s inarguably true is that we’re hearing more about them.

The latest report of hacked accounts comes from members of the Starwood Preferred Guest program, via FlyerTalk, with posters complaining that their Starwood points had been transferred to airline accounts and redeemed for gift cards. This is at least the second time that SPG accounts have been targeted by hackers.

Starwood’s response to the latest incidents:

First, we want to assure all SPG members that they will not lose any points if their account is affected.

We have a large team actively investigating and attempting to directly contact affected members. If an SPG member notices an issue with their account, please contact our customer service team. We suspect this is due to large breaches at other companies (not SPG) where user credentials are stolen and being used for unauthorized access to some SPG member’s accounts.

SPG has many account security protections in place to protect SPG members from losing points. It is very important that members not use the same user name and password across multiple sites. Please check your SPG account often and report any suspicious activity to us; always use strong, complex passwords with capital and lowercase letters, numbers and symbols; and we recommend creating a user name instead of using your email address as your user name.

We will continue to investigate this important matter.

Notwithstanding Starwood’s assurances that accounts are being closely monitored for signs of fraudulent activity, not all program members are satisfied with the company’s efforts. One example:

Since reporting the issue to SPG they had promised to lock the account. They failed to do so and now another 150,000 points are missing. This is disgraceful customer service. I was promised the account would be secured to prevent this but apparently that wasn’t a high enough priority. I may need to speak with the media about this to ensure others are aware and also consult an attorney.

And another:

I am also troubled by SPG’s lack of apparent concern for the safety of my information. Confidence and trust is at the core of any business relationship and I’m not sure that i can continue to have this relationship with Starwood. I was looking forward to continuing my status as Platinum for the years to come, now I’m not so sure. SPG has not been forthcoming or helpful at all during this situation.

Staying Secure Online

Until loyalty programs implement more robust security measures — two-step authentication, for instance — members’ accounts will be vulnerable to hackers. At a minimum, consumers can and should do the following:

  • Refrain from using the same password for multiple accounts.
  • Monitor their accounts regularly for signs of fraudulent activity.

Those steps won’t guarantee the security of your account, but they’ll reduce the odds of losing your miles and points.

This article originally appeared on

By Tim Winship

After 20 years working in the travel industry, and 15 years writing about it, Tim Winship knows a thing or two about travel. Follow him on Twitter @twinship.

Leave a Reply

Your email address will not be published. Required fields are marked *