Update: This offer for the IHG® Rewards Club Premier Credit Card has expired. Learn more about the current offers here.
In the interest of full disclosure, One Mile At A Time earns a referral bonus for anyone that’s approved through some of the below links. These are the best publicly available offers that we have found for each card. Please check out our advertiser policy for further details about the partners we work with. Thanks for your support!
Miles and points are great and all, but only if someone doesn’t steal them from you. I have a bunch of IHG Rewards points, mainly from my signup bonus for the IHG® Rewards Club Premier Credit Card and from a really lucrative Accelerate offer last year.
The other day I tried to log into my account. I haven’t booked any stays with IHG for about 8 months, and I was hoping to redeem some points for an upcoming trip.
IHG’s website isn’t the best in terms of security — rather than a strong password, users sign in with their account number or email address and a 4-digit PIN.
I tried logging in using my credentials, and I was certain they were correct, but the system wouldn’t accept them. IHG has an online chat feature, so I gave that a try. They reset my PIN and sent me an email — but the new PIN didn’t work either! The online chat agent logged off before I had the chance to tell him that it didn’t work (literally he said “Is there anything else I can help you with?” and then logged off five seconds later).
Finally I called IHG, strongly suspecting that something was wrong, and explained the situation to them. Once again they insisted on sending me a new PIN, and wouldn’t wait on the phone with me while the email came through. This time the PIN worked and I was able to get into my account – but 87,000 of my roughly 100,000 points were missing!
The account activity showed two redemptions made in February, which I certainly did not make or authorize.
The person on the phone said that the account holder’s address and email address were changed a few months ago (despite the fact that the previous agent I’d spoken to verified all my contact info and said it matched their records).
Unfortunately I couldn’t see what the redemptions were used for, but I am really curious. Was this hacker spending a week at a Candlewood Suites in Nebraska, or did they opt for something a little more exotic like a Kimpton property?
Anyway, the agent told me they would investigate and that my account would be temporarily suspended and they would call me in 3 to 5 days with an update. Sure enough, when I tried to log in today I received this message:
I’ll let you know what happens –- I guess my lesson here is that I should’ve been periodically changing that PIN, or keeping a closer eye on my account balances.
Has anyone else ever had a points account hacked (IHG or otherwise)? Were you happy with the resolution?