Have your American Airlines or United Airlines mileage accounts been hacked?
You might want to check, after the Associated Press this week reported that accounts at both major carriers were affected in late December. American started letting passengers know of the security breach on Monday.
"American spokeswoman Martha Thomas said that about 10,000 accounts were affected and some have been frozen while the airline and customer set up new accounts, starting with customers who have at least 100,000 miles," the AP's David Koening wrote. "She said the airline isn't aware of anyone booking a free trip."
At United, however, the situation may have been more serious. A United spokesman told AP "...thieves booked trips or made mileage transactions on up to three dozen accounts." United told customers that they would refund the miles, so that's good news.
Both airlines told AP that they were not responsible for the security breach. What likely happened, they said, was that the hackers found the traveler's usernames and passwords elsewhere and then tried them on the airline sites. Some of the attempts likely worked, though many almost surely did not.
Two lessons here. First, you probably should change your username and password for your airline accounts. Second, try to mix up the usernames and passwords you use on different sites. That way, if your login information is compromised on one site, it won't spill over to others.
Incidentally, I commend the hackers for booking the free tickets on United. Like all of you, I know how hard it is to actually book an award ticket.