By the time you read this post, there are chances that someone might be flying to their favorite destination or upgrading to first class at your cost. During the past couple of weeks, a handful of frequent flyers in the United States have faced this mystery – flyer miles disappearing from their accounts.

Cyber-criminals have apparently succeeded in accessing the frequent flyer program accounts of some of the customers of American Airlines ( AAdvantage) and United Airlines (MileagePlus) and steal the miles. They have exploited the stolen miles for free trips and upgrades.

Media reports, quoting research firms claim that nearly three dozen user accounts have been compromised in United Airlines. In the case of American Airlines, about 10,000 accounts were ‘affected’. The airlines have started announcing compensatory measures such as restoring lost miles and one year credit-watch service.

Missing Miles – The Mystery

Neither American Airlines nor United have faced any security breach or a compromise. The airlines have not been at fault at all. But, cyber-criminals have succeeded in accessing the loyalty program accounts of other users. This may appear a mystery, but the cause is a very simple one. In fact, if anyone should take full responsibility for this ‘compromise’, it would certainly be the affected users themselves.

Cyber-criminals have apparently obtained usernames and passwords from other compromised websites and managed to access the loyalty program accounts of the airlines. The fact that users have used the same set of passwords in many sites has facilitated hackers to get into the loyalty program accounts too.

Password Reuse Could Cost You Dearly, Derail Online Life

We have been pointing out in this blog series repeatedly – reusing the same password across multiple sites is a perfect recipe for disaster. Nowadays, it is quite common for users to use the same login credentials for multiple sites – social media, banking, brokerage, loyalty programs and other business accounts. If the password gets exposed in any of the sites, in all probability, hackers would be able to easily gain access to all your other accounts too. This is precisely what has happened in the case of flyer miles vanishing case. If you have the habit of using a single master key for all your accounts, be prepared for security surprises and shocks like these!

We reiterate the dictum: It is always prudent to have unique passwords for every website and application and supply it ONLY on that site/app. When there is news of password expose or hacks, you can just change the password for that site/app alone. Frequently changing passwords, as a habit is always a great one to have.

We Don’t Have 8 GB Flash Memory on our Brains …

When you want to use unique passwords, you will have to remember multiple passwords – sometimes in the order of tens or even hundreds. It is quite likely that you will forget passwords and at the most needed occasion, you will struggle logging in.

Use a Password Manager

To combat the new age security attacks, proper password management should ideally become a ‘way of life’. As remembering unique, complex passwords is an impossibility, you should start using a password manager like Zoho Vault. Password Managers help you to generate unique passwords for each account, store them in a centralized vault and even launch a direct connection to websites and applications without even copying/pasting the passwords.

We can certainly prevent incidents like mysteriously disappearing flyer miles. Consider using Zoho Vault!

Chandramouli Dorai

Zoho Vault – Online Password Manager for Teams