Monday, March 30, 2015

Travelore News: UK's No.1 Frequent Flyer Expert Responds To British Airways Account Hacking

Rob Burgess, editor of Head for Points, responds to the current British Airways Executive Club hacking saga which has left hundreds of thousands of users unable to access their accounts - which have also been stripped of all their Avios points!

Thousands of readers of Head for Points (, the UK's biggest frequent flyer website, have been unable to access their British Airways Executive Club accounts since Friday.  This includes the editor and his wife!
Some - but by no means all - of the impacted flyers have received an email from British Airways which reads:
British Airways has become aware of some unauthorized activity in relation to your Executive Club account. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account. We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.
What the email does NOT say is that British Airways has removed all of the Avios points from the accounts of impacted members!  It is refusing to give a firm time frame on when these points will be returned.  Call centre agents are telling Head for Points readers conflicting stories of 'a couple of weeks' to 'a few days'.
Attempts to reset passwords in order to access accounts are also failing because the BA website is not sending out the required emails.
This situation is particularly inconvenient for members since Avios points will be devalued substantially on April 28th.  More importantly, redemption seats for the Easter fortnight in 2016 will become available this week but many members will be unable to book.
Rob Burgess, editor of Head for Points, is unhappy with the way that British Airways has handled the situation:
"This is a textbook example of how NOT to respond to a potential hacking issue.  It is difficult to see how BA could have handled it more poorly.
The email to members from British Airways looks likes a phishing email.  It does not include any account information to convince the reader it is really from British Airways.
Only a percentage of impacted members even received an email.
The email failed to mention the most important fact - that BA had zero'd the balance of their Avios account!  Anyone who managed to reset their password panicked when they saw a zero balance and immediately overwhelmed the call centre.

For most people, including myself, the 'reset password' function is not working anyway ....
The BA call centre was not briefed on what was happening.  It was impossible to reach for most of Friday and agents could not explain what was happening.  There are still conflicting messages being given by agents as to whether they can book Avios redemption seats by telephone.

BA has not given a timetable for the reinstatement of missing Avios points."
"In general", Burgess adds, "whilst I fully appreciate the need for account security, BA has over-reacted massively.  Frequent flyer miles are not a prime target for hackers.  What is the point?"
"Unless the hacker intends to fly within a few hours, the risk of the account holder noticing that his account has been debited and notifying BA is too high.  The airlines also have systems in place to spot suspicious redemptions, which usually involve a booking for a third-party, paid on a third-party credit card, for travel to or from a high-risk country."
"It appears that BA did not have a system in place to deal with such a situation and has made a knee-jerk reaction which is causing unnecessary inconvenience to hundreds of thousands of people."
Background information:
Head for Points ( is the UK's No 1 website for collectors of Avios points, other frequent flyer miles and hotel loyalty points.  It had 770,000 page views and 140,000 unique visitors in January 2015, 80% from the UK.
Head for Points was founded in July 2012 by Rob Burgess, an ex-City analyst.  Rob has not taken a long-haul flight in Economy for over 15 years, currently has over 10 million airline, hotel and credit card points and has used air miles to travel in Business Class and First Class with many of the world's leading airlines.

No comments:

Post a Comment