I’ve nothing to add to the BA hacking saga, but feel free to add your comments here!

A huge percentage of Head for Points readers, including myself and my wife, are currently locked out of their Avios accounts.

Changing the password simply shows a zero Avios balance which BA appears to have confiscated ‘for my own good’.

I don’t know anything more except what has been said in the email below. Looking at reports on Flyertalk, it seems that there is NOT a specific exterior service causing the problem.  AwardWallet and TripIt have NOT been compromised.

However, my best guess is that BA is trying to find accounts which HAVE been the target of suspected hacks.  If you are registered with AwardWallet then your account will have been accessed from outside the UK by AW on a regular basis and this may have flagged you as high risk.  This is only a guess.

I have nothing more to add which adds to the discussion, to be honest.  We can use this article for comments on the topic, however.

The letter from BA goes:

Dear Customer

British Airways has become aware of some unauthorised activity in relation to your Executive Club account.

This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.

We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.

We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.

We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.

If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.

For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.

In the meantime, however, if you wish to spend your Avios please contact us via your local Executive Club service centre. We will be able to reactivate your account by asking you some additional security questions.

We are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.

British Airways Executive Club team

Get a free Pret coffee, free wi-fi and more via the new myGatwick website
British Airways Gatwick First lounge to close at 3pm ... and permanently from November?
About Head for Points

We help business and leisure travellers maximise their Avios, frequent flyer miles and hotel loyalty points. Visit every day for three new articles or sign up for our FREE emails via this page or the box to your right.

Comments

  1. David Froude says:

    STILL NO LOGIN POSSIBLE

    This evening – after 45 mins holding on, very helpful person on Bronze line spends 20 mins with me – still back office “looking into it”. I am also in contact by twitter getting all the same messages – “looking at it” – but I still can not login to BA.com – this is pretty dreadful service, despite the politeness of customer services. Commitment given to advise me of updates to my mobile. Did manage to confirm all my Avios are intact and all those of my household account, who incidentally can login ok themselves.

    Are there any others of you who still can not login to BA.com on your Exec No?

    • Finally, today, I got an email from BA, which says it was nice to hear from me!

      Lots of guff about how frustrating it must be to not be able to access my account and this really doesn’t happen often, but they’ve sent me a link to reset my password and to check to make sure that their emails don’t accidentally fall into my spam bin.

      As it’s 5 days since they said the systems team would contact me and 3 days since I finally managed to get access through my own efforts, I think this is crap.

      • Were you able to login ok?

        • I managed to get access to my account last Saturday, through no effort on BA’s part. Even the password reset link they sent me didn’t work and I had to get in a different way.

          • Are you able to share that way in?

          • I went through the link at ba.com/ecchangeemail. Filled in the form, which told me the first line of my address was incorrect. Worked out that it needed the house number only in the first line. Some days later this generated a change of address email and asked me to click a link to confirm my account. The link was broken (I got a “our servers are unable to deal with this request” message), but I could then go through the “forgotten password” process to generate a password change email.

            Good luck.

    • I am still unable to login to the BA website. I received email informing me of the unauthorised access to my BA account which asked me to reset my password on the 31st of March. Since then all attempts to reset my password have failed as I never receive the email which should follow a password reset request. Two weeks ago I called BA and was told that they were still auditing the accounts. Today I called them again and they said they have raised a ticket to ask someone else to reset my password. I was told this will take 7 days.

      When I requested my password resets through the website, I have tried using my membership number and email address. Neither appear to work. During my first call to BA they confirmed that my email address was correct. There are no spam filters on my email accounts. I’m also still receiving the routine mail shots from BA.

      I think I’ll try changing the email address see if that works.

      • BA need to do some serious grovelling about this cock up. It’s interesting that it’s happened just before the major changes in the Avios programme. Yes, you can still ring up and book online, but I’m sure I’m not the only person who likes to mull things over and then grab an opportunity as it arises on the spur of the moment.

        Even though I have my account access back now, the 2 weeks or so of utter lack of clue I had to endure from BA were abysmal. Being fobbed off with idiotic excuses about IT problems is not acceptable and I certainly won’t be recommending anyone to fly with them where there’s an alternative. All they really needed to do, which I asked for repeatedly, was to get someone to email me, listen to my issue and deal with it. They failed at such basic customer service and then sent me a pointless and patronising email a week too late.

        If any BA managers are reading this, you need to sort out your IT functions sharpish.

  2. Unfortunately our systems are not responding, so we are unable to process your request at the moment.

    We apologise for this inconvenience and suggest you try again later.

    This is the hopeless reply from BA to me clicking on as requested a response to my change of email address with THEY requested I do.

    What is going on?