14 DAY TRIAL // American Airlines have started to notify almost 10,000 of its customers that their accounts for the service have been accessed without authorization by unknown parties, who stole miles accumulated with the airline.
Emails alerting clients about the incident started to be sent on Monday, Martha Thomas, spokeswoman for American Airlines said, adding that the FBI has already been informed.
No hack, credentials from another service were used
It appears that the computer systems of the company were not hacked and the intruders gained access to the customers’ miles using the correct log-in information.
The same type of intrusion was perpetrated twice in December, against the MileagePlus account holders at United Airlines.
Both airline companies say that the incident was possible due to cybercriminals stealing the sensitive information from a different entity and then testing to see which log-ins unlock the frequent flyer miles of their clients.
Oftentimes, users rely on the same password to create profiles with other online services, despite the numerous warnings from security experts. Cybercriminals know that this is a common practice, and test the log-ins on multiple services.
The American Airlines representative told Associated Press that some of the affected accounts had been frozen and work was carried out to set new ones up, in collaboration with customers, those with 100,000 miles being the priority right now.
Hackers seem to have been quick at using the free miles, and in two cases they reserved a free trip or upgraded to a more comfortable class.
Crooks have various methods to convert miles into cash
The value of loyalty accounts from airline companies resides in the fact that the accumulated miles can be traded for other goods and even cash.
There are plenty of businesses specialized in this sort of transactions brokering the selling of miles. Some airline companies provide the opportunity to trade them for gift cards that can then be used with different online merchants.
Moreover, in some cases, the cybercriminals can transfer the miles to the account of another customer of the airline company in exchange for cash. On the same note, there are underground forums where frequent flyer miles can be traded for different goods that have probably been obtained through other types of fraud.