Reports of Some Hilton Honors Accounts Breached; Points Used For Amazon Purchases

“I received 2 emails yesterday from Hilton saying that my HHonors points had been redeemed through I immediately logged into my Hilton account and I’ve gone from approx 268,000 down to 1000, so around 267,000 were stolen. No idea how this could have happened. Email stated to call Amazon if there is a problem with the transaction or if I was not the one who placed an order. It doesn’t make sense that they say they cannot track down a transaction using my Hilton number as there has to be some kind of record of the points transfer from Hilton.”

Reports of Some Hilton Honors Accounts Breached; Points Used For Amazon Purchases

The paragraph you have just read is the experience imparted by FlyerTalk member pinion, who has yet to hear from either Hilton Honors or Amazon in order to resolve this issue…

…but a similar issue which was experienced by FlyerTalk member BearX220 “has now been very effectively addressed by Hilton” as “Hilton reached out to me 15 days after the breach came to my attention and resolved the question to my satisfaction. I have to say that once service recovery kicked in, it was personal, clear, and effective. The only downside is, I have to commit a new Honors account number to memory.”

Official Response From Hilton

Upon reaching out to a representative of Hilton pertaining to this specific issue with Amazon, this is the official response which I received:

“…we believe that Hilton Honors Points are valuable and should be protected. We always encourage our members to protect their account information the same way they would an email or bank account. That includes reviewing account transactions on a regular basis and using strong passwords that are changed often. It’s also important that passwords are unique and not shared across different accounts.

“If a Hilton Honors member notices suspicious account activity, we encourage them to contact us immediately. We will investigate, respond and if appropriate, make them whole.”

Data Breaches are Unfortunately Rather Common

Fortunately, the frequent travel loyalty programs of most companies have converted the process of accessing a membership account from using a personal identification number of only four digits to using an actual password with mixed characters in order to increase security and mitigate the possibility of having membership accounts accessed by unauthorized people…

…but one notable exception is IHG Rewards Club, which still to this day has its members use personal identification numbers with only four digits to access their membership accounts. Theoretically, they are therefore likely more susceptible to data breaches than the membership accounts of competing frequent travel loyalty programs.

Although I have written extensively about data breaches which compromise your personal information — as well as the miles and points which you have worked so hard to earn over the years — the following articles do not even come close to documenting all of the data breaches solely within the travel industry, as no frequent travel loyalty program appears to be immune or completely secure:

How to Protect Yourself From Unauthorized Breaches

Log into each of your frequent travel loyalty program membership accounts and update your user name; password; security questions and answers, if any; and your verbal password, if one is required.

Also ensure that all of your contact information — including your postal mail address, telephone number and e-mail address — is correct.

Additionally, take the following recommended proper precautions to help secure against unauthorized access to any of your frequent travel loyalty program membership accounts:

  • Do not use your e-mail address as your identification to log into your account.
  • Use a complex password and regularly update it.
  • Use different log in credentials with each Internet web sites.
  • Always check your membership accounts on a regular basis.
  • Promptly report any potential suspicious activity to a representative of the frequent travel loyalty program.


Considering that only at least four members of FlyerTalk reported a breach in the security of their Hilton Honors membership accounts since Wednesday, April 10, 2019 — which is almost a month — it is important to note that this is not exactly a widespread issue at the time this article was written…

…but when your own frequent traveler loyalty program membership account is compromised, whether or not others have experienced similar issues is irrelevant. I should know — my Starwood Preferred Guest membership account was compromised back on Friday, January 16, 2015. Not only were all of the Starpoints wiped out; but I could not even access my membership account because the password was changed.

Fortunately, you are almost guaranteed to have your miles or points replenished in your membership account if it has indeed been compromised — as had eventually happened to me with my Starpoints.

One last note: if you are assigned a new membership number for your Hilton Honors account, be aware that cases have been reported with which the progress towards lifetime elite status has been reset back to zero. Ensure that you document proof of your progress towards lifetime elite status as soon as possible.

Source: Hilton Honors.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.