Get Started

Learn more about Credit Cards, Travel Programs, Deals, and more.

Hacked: My Amtrak Rewards Compromised & Why This Is a HUGE Wake Up Call

This post may contain affiliate links - Advertiser Disclosure. As an Amazon Associate, we earn from qualifying purchases.

Amtrak Guest Rewards Account Hacked

Amtrak Guest Rewards Account Hacked

One thing that technology has brought into our lives is more “accounts” and “logins” than ever existed before. For most people logins for email, banking and social media are enough, but us miles/points crazies just have to go and sign-up for every single loyalty program. More logins!

While we often think about securing our banking and social media logins, loyalty accounts are just as vulnerable. Unfortunately I learned that the hard way yesterday when I received the following email from Amtrak Guest Rewards:

Amtrak Guest Rewards Account Hacked

Thankfully I saw the email almost right away and immediately went to login to my Amtrak Guest Rewards account. I have/had about 64K points in my account, mostly because I transferred over Ultimate Rewards before that option ended, but had to back out of a trip I was going to book.

Fortunately the thief had only changed my email address so I was able to login and see the bad news. My 64K balance was down to just 4K. Someone had tried to redeem my points for $300 in Gap gift cards and $300 in Gamestop gift cards. I called Amtrak almost immediately and went through the process of getting everything disputed.

Amtrak Guest Rewards Account Hacked

While redeeming Amtrak points at $.01 each should be an additional crime, I’m quite sure we’ll never catch this person. Luckily since I was able to call so quickly they never received the gift cards and I have been told the points will be returned to my account shortly although it can take a couple of days.

Protecting Your Accounts

While I resisted for quite awhile, I finally began using a Password Manager awhile ago. I personally use LastPass which I am quite happy with. It generates very secure random passwords that are stored and easy for me to import when signing in. My only issue is that I neglected to change passwords on some loyalty accounts which obviously was a big mistake.

If you want to try LastPass you can get 1 free month of their Premium service with this referral link. There are other options out there as well. No matter which password manager you choose, I think it is an essential tool for protecting your accounts. I was skeptical of the hassle of getting it setup, but am happy with the ease of use and added security. Now I just need to get all of my accounts switched over to more secure passwords.

Conclusion

Thankfully companies are getting better and better at stopping these attacks through notifications and IP tracking. In this case Amtrak’s notification system worked and their customer service rep was very friendly and efficient on getting this escalated and fixed. I’m just glad my very valuable Amtrak points aren’t gone. Lesson learned.

Have you recently had any of  your loyalty accounts hacked? Share your experiences in the comments.

 

Disclosure: Miles to Memories has partnered with CardRatings for our coverage of credit card products. Miles to Memories and CardRatings may receive a commission from card issuers.

Lower Spend - Chase Ink Business Preferred® 100K!

Chase Ink Business Preferred® is a powerful card that earns 3X Ultimate Rewards points in a broad range of business categories on the first $150K in spend per year. Right now earn 100K Chase Ultimate Rewards points after $15K $8K spend in the first 3 months with a $95 annual fee.

Learn more about this card and its features!


Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities.
Shawn Coomer
Shawn Coomerhttps://milestomemories.com/
Shawn Coomer earns and burns millions of miles/points per year circling the globe with his family. An expert at accumulating travel rewards, he founded Miles to Memories to help others achieve their travel goals for pennies on the dollar. Shawn also runs a million dollar reselling business, knows Vegas better than most and loves to spend his time at the 12 Disney parks across the world.

Responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.

13 COMMENTS

  1. Sometimes I think it’s better to have a long password (as many characters as allowed) of a combination of lower case, upper case, numbers, and special characters and just write it on a piece of paper rather than keeping a password that’s easy to remember but easily hacked.

  2. […] Hacked: My Amtrak Rewards Compromised & Why This Is a HUGE Wake Up Call. – I use a password manager too to keep track of my passwords, which allows me to have even more complex passwords since I don’t have to memorize or use the same password across multiple sites.  And I use services that alert me immediately whenever I book travel or have transactions post to my financial accounts. […]

  3. Glad you were able to get your points back. I use several services like this for my bank and mileage accounts so that I’m alerted whenever there is activity on my accounts so that I can stop fraud as soon as it happens.

  4. JL – brute force, in fact, is the most common way accounts are hacked. This is what gave rise to captcha/recaptcha.

  5. JL – not true. Most hacks happen because the username/password combo from one website becomes compromised. Hackers use the leaked username/password list and try it against other sites. This usually works well because people use the same username/password across multiple sites.

  6. I give lectures on identity theft often – the hospitality industry is the worst when it comes to securing online accounts. For some odd reason, they loathe implementing 2-step authentication.

  7. I dispute the usefulness of password managers. These hacks usually happens because the system itself or the data warehouse behind it was hacked / someone inadvertently left that data on a publicly accessible location. Rarely is it cracked via brute force.

    In that case, no matter how “secure” the password is, it wouldn’t work.

    • Password Managers allow you to have unique secure passwords for each site. This means if the info for one site is compromised your password is not compromised on other sites. That is the main benefit.

  8. I’ve been getting emails that look like legit reporting that are actually phishing attempts. I’ve received two of these emails in the past couple of days – one that appeared to come from Apple and one that appeared to come from Chase. These emails look very legitimate, but they are not. Be careful; never click anywhere in the email.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related

7,703FansLike
9,903FollowersFollow
16,444FollowersFollow