The incidents were not the result of hacks on the airlines own systems – the thieves obtained user credentials such as usernames and passwords elsewhere, the companies said. The airlines warned customers against using the same passwords on multiple websites.
American said that about 10,000 accounts were compromised, with two used to book free travel or an upgrade. United said up to three dozen accounts were compromised. American said it began notifying customers of the incidents by email on Monday, while United said it notified customers in late December.
The incidents involve frequent-flyer accounts, which allow users to make purchases using accumulated air miles. United said it would restore miles to affected users. American said it would pay for one year’s credit-watch service for custoemers involved in the incidents.
American said some accounts have been suspended while new accounts are set up, beginning with customers who have at least 100,000 miles. The company said it has notified the FBI of the matter.
The airlines said they monitor user accounts for unusual activity and may require users to enter additional information if a transaction seems suspicious. United said it has begun requiring customers to enter their rewards programme number when logging in.
Are you a security pro? Try our quiz!
Workers at Amazon warehouse near Raleigh vote against joining union, as company continues to challenge…
High-profile meeting with tech leaders seen as signal China is boosting tech sector after years…
South Korea hopes to gain leg up in international AI race with infusion of private…
Chinese electric vehicle giants rush to incorporate DeepSeek AI tech to cars after it creates…
South Korean data authority suspends Chinese AI start-up DeepSeek from Apple, Google app stores while…
Privacy advocates criticise Google over decision to allow companies to track users via digital fingerprints,…