# Marriott Rewards Point Reduction [Account Hacked]



## ilene13 (Oct 25, 2010)

I just went to make a hotel reservation and I tried to log on to my account.  It refused my password.  I then tried my email address and my home address--it said those are incorrect.  A Marriott representative chatted on line with me and gave me the email address and password that she said were associated with my account.  They were incorrect--I never had those.  Then I logged into my Vacation Club account and it gave me my Marriott Rewards Point balance---it was 600,000 points less than I had last week.  I am going to call Marriott Rewards in  the morning---has anyone else had this issue??????????????


----------



## gblotter (Oct 25, 2010)

ilene13 said:


> I just went to make a hotel reservation and I tried to log on to my account.  It refused my password.  I then tried my email address and my home address--it said those are incorrect.  A Marriott representative chatted on line with me and gave me the email address and password that she said were associated with my account.  They were incorrect--I never had those.  Then I logged into my Vacation Club account and it gave me my Marriott Rewards Point balance---it was 600,000 points less than I had last week.  I am going to call Marriott Rewards in  the morning---has anyone else had this issue??????????????


Better check the activity on your MRP account.  Could be that someone illegally gained access to your account, modified the email address and other info, then redeemed 600,000 points for something nice and expensive.


----------



## ilene13 (Oct 25, 2010)

gblotter said:


> Better check the activity on your MRP account.  Could be that someone illegally gained access to your account, modified the email address and other info, then redeemed 600,000 points for something nice and expensive.



I am talking to the Marriott internet department now.  I have to call rewards in the AM to lodge an official complaint and request my points back.  It looks as though someone changed my entire profile--MRP account not Vacation club account


----------



## gblotter (Oct 25, 2010)

ilene13 said:


> I am talking to the Marriott internet department now.  I have to call rewards in the AM to lodge an official complaint and request my points back.  It looks as though someone changed my entire profile--MRP account not Vacation club account


How distressing!  Could the internet department tell you what redemption activity occurred on your account during the last week?  Are you now able to gain access to your MRP account, or just the MVCI account?


----------



## ilene13 (Oct 25, 2010)

gblotter said:


> How distressing!  Could the internet department tell you what redemption activity occurred on your account during the last week?  Are you now able to gain access to your MRP account, or just the MVCI account?



They told me that it happened on OCT 5th and the person purchased 3 playstation III's and 2 X boxes.  I sure didn't.  We've outgrown game systems in our family about 10 yrs ago.  I could access my MRP account but I will not until I talk to the Fraud department as I want them to see all of the incorrect info.  The internet rep gave me an email address to contact the Fraud group--I've already emailed them.


----------



## SueDonJ (Oct 26, 2010)

Oh Ilene, that's awful!  I hope Marriott helps you resolve this so that you get all your points back quickly.

I use passwords and sign in/out to every website that requires them, but never gave a thought to the Marriott Rewards site being hacked that way.  I'm sorry you're going through this but do appreciate the reminder.  Thanks for letting us know what's happened and how it's being resolved.


----------



## dioxide45 (Oct 26, 2010)

Three PlayStation's and two XBox's only cost 60,000 points? That seems very cheap.


----------



## aka Julie (Oct 26, 2010)

dioxide45 said:


> Three PlayStation's and two XBox's only cost 60,000 points? That seems very cheap.



OP said it was 600,000 points!


----------



## dioxide45 (Oct 26, 2010)

aka Julie said:


> OP said it was 600,000 points!



Oh, missed that


----------



## winger (Oct 26, 2010)

This should be easy to prove fraud. Three devices say shipped UPS to x address. Send the police there and it's a vacant home - owners away for the winter OR police find devices there and arrest the crooks.

Question is how hard it will be for Marriott to return the points. 600k is a lot of pts.


----------



## Pens_Fan (Oct 26, 2010)

600k is not a lot of points to *Marriott*.

There is no reason why they should not return the points.


----------



## DanCali (Oct 26, 2010)

winger said:


> This should be easy to prove fraud. Three devices say shipped UPS to x address. Send the police there and it's a vacant home - owners away for the winter OR police find devices there and arrest the crooks.



You are assuming that they were shipped to the US, but they could have been shipped to anywhere else in the world for all we know.

This story is pretty disturbing. Could have happened to anyone. I hope the OP gets her points back.


----------



## FlyerBobcat (Oct 26, 2010)

It would be interesting to hear what -- if any -- restrictions Marriott has in place regarding shipping to an address OTHER than the account owner's address on file.  That should be a red flag....


----------



## DMSTWO (Oct 26, 2010)

*Could the Key Card be the culprit?*

Don't know if this has anything to do with it, but I learned a long time ago that the nice little Key Card they give you when you check into a Hotel or TS is loaded with your personal info.

I get copied on a number of business alert and executive info news letters.  Some of these news letters have implied that all your personal data a hotel system has in their data base is transferred to that magnetic strip on the back of the key card.  I'm not sure what exactly they put on the card, but its not much of a leap to assume that at the very least it does contain your frequent traveler info (i.e. Marriott Rewards profile).

More than once I've seen articles that tell you NEVER return your key card to the hotel when checking out.  Take it with you and shred-it


----------



## Bill4728 (Oct 26, 2010)

DMSTWO said:


> Don't know if this has anything to do with it, but I learned a long time ago that the nice little Key Card they give you when you check into a Hotel or TS is loaded with your personal info.



This is just an urban legend!!  The key cards don't contain that kind of info.


BUT there is a kernel of truth to this. Which is: Having a fraudulent credit card on your person is against the law.  BUT a scammer can legally have key card on their person ( and credit info encoded on those cards).


----------



## MALC9990 (Oct 26, 2010)

DMSTWO said:


> Don't know if this has anything to do with it, but I learned a long time ago that the nice little Key Card they give you when you check into a Hotel or TS is loaded with your personal info.
> 
> I get copied on a number of business alert and executive info news letters.  Some of these news letters have implied that all your personal data a hotel system has in their data base is transferred to that magnetic strip on the back of the key card.  I'm not sure what exactly they put on the card, but its not much of a leap to assume that at the very least it does contain your frequent traveler info (i.e. Marriott Rewards profile).
> 
> More than once I've seen articles that tell you NEVER return your key card to the hotel when checking out.  Take it with you and shred-it



I can reliably say that this is NOT TRUE - the hotel room key card DOES NOT hold any sensitive data about you - it purely gets you into your hotel room.


----------



## FlyerBobcat (Oct 26, 2010)

Bill4728 said:


> This is just an urban legend!!  The key cards don't contain that kind of info.
> 
> 
> BUT there is a kernel of truth to this. Which is: Having a fraudulent credit card on your person is against the law.  BUT a scammer can legally have key card on their person ( and credit info encoded on those cards).



http://urbanlegends.about.com/library/bl_hotel_keycards.htm


----------



## gblotter (Oct 26, 2010)

Ilene - please let us know how this gets resolved with Marriott.


----------



## ccpinternational (Oct 26, 2010)

Can't wait to hear how Marriott would deal with this.


----------



## ilene13 (Oct 26, 2010)

*My Points*

So far everyone with whom I have spoken to at Marriott has been wonderful.  The paperwork to report the fraud was faxed to me this morning.  I now have a password and a pin # for my account.  We are making a police report this evening--suggested by Marriott.  All the paperwork will be faxed back to them tonight  and I was told I should get my points back in a timely manner.  I will keep everyone updated.


----------



## SueDonJ (Oct 26, 2010)

That's about as good news as could be hoped for, Ilene, sounds like Marriott is working with you to get this resolved - here's to continued good service.  (As well as a confirmed reservation for the Points stay that you were trying to make when you realized your account had been compromised!)


----------



## FlyerBobcat (Oct 26, 2010)

ilene13 said:


> So far everyone with whom I have spoken to at Marriott has been wonderful.  The paperwork to report the fraud was faxed to me this morning.  I now have a password and a pin # for my account.  We are making a police report this evening--suggested by Marriott.  All the paperwork will be faxed back to them tonight  and I was told I should get my points back in a timely manner.  I will keep everyone updated.



Any high-level details you can share regarding where the goodies were shipped?


----------



## ilene13 (Oct 26, 2010)

FlyerBobcat said:


> Any high-level details you can share regarding where the goodies were shipped?



They told me the incorrect address that was changed in my profile but I was not really listening--so no I do not know, but Marriott does!


----------



## ilene13 (Oct 26, 2010)

SueDonJ said:


> That's about as good news as could be hoped for, Ilene, sounds like Marriott is working with you to get this resolved - here's to continued good service.  (As well as a confirmed reservation for the Points stay that you were trying to make when you realized your account had been compromised!)



Sue,
  I was actually not making a points stay--I just wanted my rewards number to be on the reservation.  I always look at my points balance to consider other trips.


----------



## JimC (Oct 27, 2010)

Glad it is resolved.  Any idea how your account was hacked in the first place?  They would need login and password to do that.


----------



## ilene13 (Oct 27, 2010)

JimC said:


> Glad it is resolved.  Any idea how your account was hacked in the first place?  They would need login and password to do that.



I have no idea----I have NEVER used a public computer. You don't need a log in--just a rewards # and a password.  My son told me that like random # generators there are password generators.  It was my only all # password.  It has since been changed--especially since the hacker changed my profile.  Through Marriott I also have a pin # too. Hopefully I'll get my points back soon.


----------



## aka Julie (Oct 27, 2010)

I wonder if maybe the "culprits" also hacked other MR accounts.  Obviously they are pros at this and went after the high ticket items.  Similar to the folks who hack credit card info.

Last year someone in California opened up 3 store credit cards in my name, got instant credit and immediately charged up to the limit.  They were unsuccessful at 2 stores.  All in all they charged over $3,000 in my name before the cards were shut down.  I had to file a police report and wasn't responsible for the merchandise, but all of us pay for this kind of theft in one way or another.

I hope you get your points back soon.


----------



## IngridN (Oct 27, 2010)

It may have been an inside job. A number of years ago about 1 1/2 years after my father cancelled a credit card, it was reopened and among other things, the perp rented several cars and stole them. My father found out when the police came looking for him  . 

Ingrid


----------



## ilene13 (Oct 27, 2010)

After sending back all of the paperwork today I followed up with a call to the representatives I've been dealing with.  They expect that I will get ALL of my points back within the week.  The items that were purchased by the hackers were sent to St. Louis, somewhere in downstate New York and a 3rd area that the rep could not remember.  I can no longer redeem points on line as I have to use a pin # in addition to a password---that's ok with me.  I'll let everyone know when the pts are returned.  Everyone at Marriott has been wonderful.


----------



## scrapngen (Oct 27, 2010)

I'm glad that Marriott is taking care of you, and working w/police in this matter.


----------



## MALC9990 (Oct 28, 2010)

ilene13 said:


> Sue,
> I was actually not making a points stay--I just wanted my rewards number to be on the reservation.  I always look at my points balance to consider other trips.



Ilene

The sad fact is that it is far more likely that your PC was compromised or hacked rather than the Marriott system (unless it was an inside job). Otherwise - why just your account and not wholesale impact across many MR accounts.

So I would recommend that you have your PC fully checked. Do you have security software installed - e.g. Symantic's Norton Internet Security or any of the other mainstream products.

If you don't have any security on your PC then it may very well be that your system has been compromised and any of your password protected internet accounts may be affected. In that case you should install a good security product and have your system fully checked before you do any other online activities. If you have security s/w installed then you shoudl still run a full system scan to check for any hidden threats that may have escaped detection.

From your accounts here on TUG it would seem that this was a fairly amatuerish attempt since the trail to the delivery address might lead the poilice to the individual but it may be that they will be gone from that address.

I'm sorry you have had this experience but it is becoming an all too common experience these days.


----------



## ilene13 (Oct 28, 2010)

MALC9990 said:


> Ilene
> 
> The sad fact is that it is far more likely that your PC was compromised or hacked rather than the Marriott system (unless it was an inside job). Otherwise - why just your account and not wholesale impact across many MR accounts.
> 
> ...





  I do not use a PC--I am a Mac user and of course I have security on it.  Honestly I think it may be an inside job--all they needed was a rewards account #--every time we stay at a Marriott property the # is on the bill.  The reps at Marriott say that they do get fraud cases if not often, consistently.


----------



## ilene13 (Nov 1, 2010)

*MRP returned!!!*

It is One week since I discovered my 600,000 points were stolen.  Marriott returned them today!  I must say that for this situation Marriott was a pleasure to deal with.


----------



## winger (Nov 1, 2010)

GREAT - now I hope they nailed the b&*%$ who did this.


----------



## powen (Jan 2, 2011)

*Marriott Rewards account hacked*

Heads up all. My Marriott Rewards account was hacked of 440,000 points over the weekend. I noticed this when I tried to access my account and my password didn't work. I will be calling Marriott in the morning. I have over 140 stays in 2010 so I hope they work with me on this.

Phil


----------



## powen (Jan 2, 2011)

I just got hacked.


----------



## wmlifsey (Jan 19, 2011)

*Let's get Marriott to protect our Rewards*

I went online to pay a bill with my Marriott Visa and followed a link to check my Rewards.  Well over 620,000 points had been taken out of my account, but Skymall caught part of the redemption as fraud and returned approximately half of those points.
After a confusioning series of conversations with Marriott Rewards personnel in both SLC and San Antonio, I am filling out a police report here in my hometown and then faxing the information to SLC.
It has taken approx. two weeks to reach this point.  If there are others out there like me, we should claim compensation from Marriott for the time involved to simply return us to our prior positions.  I want Marriott to double the Rewards that were taken from me, even though they have been partially returned and other Rewards will eventually be returned.
What do others think about this mess?


----------



## TheTimeTraveler (Jan 19, 2011)

wmlifsey said:


> I went online to pay a bill with my Marriott Visa and followed a link to check my Rewards.  Well over 620,000 points had been taken out of my account, but Skymall caught part of the redemption as fraud and returned approximately half of those points.
> After a confusioning series of conversations with Marriott Rewards personnel in both SLC and San Antonio, I am filling out a police report here in my hometown and then faxing the information to SLC.
> It has taken approx. two weeks to reach this point.  If there are others out there like me, we should claim compensation from Marriott for the time involved to simply return us to our prior positions.  I want Marriott to double the Rewards that were taken from me, even though they have been partially returned and other Rewards will eventually be returned.
> What do others think about this mess?






Well, it would be nice to have Marriott double the Rewards for you, but why would you expect that if Marriott wasn't at fault?    Before pursuing that avenue, I would want to find out who obtained (and how) your password in order to get in there to use your MRP's?

Were you using your laptop at an airport, or at some other wifi system?  If so, anyone could have grabbed your password, even while your computer was in the sleep mode.

Best of luck, and keep us posted....




.


----------



## winger (Jan 19, 2011)

For those with SmartPhones, I subscribe to PageOnce (it is no charge) to keep tab of my various accounts (credit card, frequent flier, Marriott Rewards, utilities, etc.).  The program has already notified me of a set of fraudulent activities on my Discover Card the day after it happened I was able to take action sooner rather than later.  Taking a proactive approach to stop thiefs in their tracks is much appreciated by most companies (VISA, banks, etc.).


----------



## abouna (Jan 23, 2011)

I know this person didn't use a public computer, but for those who do, be sure to always sign out and not just close the window. I was in the Paris airport in the American Airlines lounge once and used the computer. Got on the AA website and some guy's account was still open with like 500,000 AA miles in it. I logged out for him, but anyone could have booked a ticket and been off!


----------

