Business News

Ottawa man’s 200,000 Aeroplan points stolen while he slept


Cyber ​​theft is on the rise, with hackers moving faster than ever to access and take private information.

In a recent incident, Ottawa resident Brian Crook was the victim of a cyberattack that wiped out his stash of Aeroplan loyalty points, enough for two transcontinental flights.

“I had over 200,000 Air Miles in my account,” says Crook, “and then one morning they just disappeared. I probably had enough for a trip for two to Australia, which was pretty disappointing. “

Crook spent many years accumulating these points, which he says were stolen from his online account on February 7 while he was sleeping.

“Around 2 a.m., my Aeroplan account changes and they now have full access to my points. I don’t have an Uber account, but from what I understand, they create an Uber account, attach it to your Aeroplan account, and then start taking the points in escalating amounts. Eighteen transactions during that February night, all around 12,000 points each.

Air Canada owns and operates Aeroplan, and points earned by customers can be used to purchase airline tickets or to purchase other items through third-party partners, such as Uber.

Cybersecurity experts warn that loyalty card accounts are very valuable to hackers because points can be quickly converted into untraceable gift cards. Technology analyst Carmi Levy says enabling stronger security measures, like two-factor authentication, is a necessity to protect against cybercriminals.

“We don’t treat the assets, the points in our loyalty accounts, the same way we would dollars in a bank account and we really should because they’re worth something. Unfortunately, they can be compromised as easily as money in the bank. “It really is a frenzy for cybercriminals. They know full well that the advantage is theirs,” says Levy. “The sad reality for most consumers is that there is no protection for them. There is no law in place that specifically requires suppliers, platform owners, these sellers to return lost loyalty points in the event of a cyber attack like this. So if you get your points back, it’s largely thanks to the company’s generosity.

In a statement to CTV News, Air Canada says the incident occurred because “the member’s email account was compromised and access was gained that way, not through the Aeroplan platform.” .

Air Canada says it has been in contact with Crook and on Monday restored the stolen points and helped ensure safeguards are in place for the future. The company advises all customers to apply additional precautions, available to account holders, such as:

  • Multi-factor authentication: Members easily receive a one-time code via text message each time they log in to their Aeroplan account, authenticating the person accessing it.

  • Use a strong, unique password: One of the most common causes of data breaches is usually weak or reused passwords. To prevent cybercriminals from accessing multiple accounts at once, create a strong, unique password for each account that combines letters, numbers, and symbols. Choose a passphrase that can be easily remembered, but that others will not easily guess.

  • Update contact details: Keeping contact information up to date allows the company to quickly report any suspicious activity detected on a member’s account. This is especially important if people change Internet service providers or workplaces, or if they lose access to the email address linked to their Aeroplan account.

Crook says after nearly a month of waiting, he is grateful and relieved that Aeroplan returned the stolen points so he and his family can plan a big vacation.


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button