Maximise your Avios, air miles and hotel points

I’ve nothing to add to the BA hacking saga, but feel free to add your comments here

Links on Head for Points may support the site by paying a commission.  See here for all partner links.

A huge percentage of Head for Points readers, including myself and my wife, are currently locked out of their Avios accounts.

Changing the password simply shows a zero Avios balance which BA appears to have confiscated ‘for my own good’.

I don’t know anything more except what has been said in the email below. Looking at reports on Flyertalk, it seems that there is NOT a specific exterior service causing the problem.  AwardWallet and TripIt have NOT been compromised.

Avios wing 8

However, my best guess is that BA is trying to find accounts which HAVE been the target of suspected hacks.  If you are registered with AwardWallet then your account will have been accessed from outside the UK by AW on a regular basis and this may have flagged you as high risk.  This is only a guess.

I have nothing more to add which adds to the discussion, to be honest.  We can use this article for comments on the topic, however.

The letter from BA goes:

Dear Customer

British Airways has become aware of some unauthorised activity in relation to your Executive Club account.

This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.

We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.

We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.

We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.

If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.

For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.

In the meantime, however, if you wish to spend your Avios please contact us via your local Executive Club service centre. We will be able to reactivate your account by asking you some additional security questions.

We are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.

British Airways Executive Club team

How to earn Avios from UK credit cards

How to earn Avios from UK credit cards (April 2024)

As a reminder, there are various ways of earning Avios points from UK credit cards.  Many cards also have generous sign-up bonuses!

In February 2022, Barclaycard launched two exciting new Barclaycard Avios Mastercard cards with a bonus of up to 25,000 Avios. You can apply here.

You qualify for the bonus on these cards even if you have a British Airways American Express card:

Barclaycard Avios Plus card

Barclaycard Avios Plus Mastercard

Get 25,000 Avios for signing up and an upgrade voucher at £10,000 Read our full review

Barclaycard Avios card

Barclaycard Avios Mastercard

5,000 Avios for signing up and an upgrade voucher at £20,000 Read our full review

There are two official British Airways American Express cards with attractive sign-up bonuses:

British Airways American Express Premium Plus

25,000 Avios and the famous annual 2-4-1 voucher Read our full review

British Airways American Express

5,000 Avios for signing up and an Economy 2-4-1 voucher for spending £15,000 Read our full review

You can also get generous sign-up bonuses by applying for American Express cards which earn Membership Rewards points. These points convert at 1:1 into Avios.

American Express Preferred Rewards Gold

Your best beginner’s card – 20,000 points, FREE for a year & four airport lounge passes Read our full review

The Platinum Card from American Express

40,000 bonus points and a huge range of valuable benefits – for a fee Read our full review

Run your own business?

We recommend Capital on Tap for limited companies. You earn 1 Avios per £1 which is impressive for a Visa card, along with a sign-up bonus worth 10,500 Avios.

SPECIAL OFFER: Until 12th May 2024, the Capital on Tap Business Rewards Visa card is offering a bonus of 30,000 points, convertible into 30,000 Avios. You must have a Limited Company to apply. Click here to learn more and click here to apply.

Capital on Tap Business Rewards Visa

Huge 30,000 points bonus until 12th May 2024 Read our full review

You should also consider the British Airways Accelerating Business credit card. This is open to sole traders as well as limited companies and has a 30,000 Avios sign-up bonus.

British Airways Accelerating Business American Express

30,000 Avios sign-up bonus – plus annual bonuses of up to 30,000 Avios Read our full review

There are also generous bonuses on the two American Express Business cards, with the points converting at 1:1 into Avios. These cards are open to sole traders as well as limited companies.

American Express Business Platinum

40,000 points sign-up bonus and an annual £200 Amex Travel credit Read our full review

American Express Business Gold

20,000 points sign-up bonus and FREE for a year Read our full review

Click here to read our detailed summary of all UK credit cards which earn Avios. This includes both personal and small business cards.

Category

British Airways and Avios

Comments (146)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • YL says:
    28 Mar28 March 14:04

    I am also a member of 0 Avios club!
    My BA password is unique and I used my BAEC number to log in….however, I do use AwardWallet.
    So far I have received no email, but was able to reset my password to log on to my account.
    I am waiting for the CX award seats to open up next week, this is really annoying!

  • Nick says:
    28 Mar28 March 14:13

    Locked out, no email. 50 minutes on hold to them today to sort it out.

    The call centre staff in the UK are excellent – up there with Amex. The other call centre however…. oh dear.

    Fed up wit BA, really. It is just so painfully difficult to work with them, even when you are trying to give them money. Happlily, my mood improved significantly by booking those Qatar flights to Bangkok for me and the wife for under £1600 in total. Amazing, in particular when you consider that we get Silver status thrown in (which saves us £600 in seat booking fees) and about £300 of Avios, too. My main concern is that sampling the 1-2-1 biz setup on Qatar will make our CW flights to Sydney with BA a month or so later seem a bit naff.

  • RIccati says:
    28 Mar28 March 14:17

    I have read all 28+ pages of Flyertalk forum.

    Yet to find any one report from someone being actually ‘hacked’.

    A lot of comment from BA call centre that their fraud team ‘overreacted’. They really SHOULD think about impact of their actions, especially at this sensitive time (devaluation). How would those people who purchased Avios on 50% offer this week feel when they discover they can’t access it?

    • Cv3v says:
      28 Mar28 March 14:27

      Good point. With the upcoming avios devaluation these account suspensions are happening at a particularly bad time.

      Glad I’ve blown almost all my avios flying on other oneworld carriers.

      • Nick says:
        29 Mar29 March 20:15

        If BA senior staff are reading this they should really consider putting back the devaluation by a month or two to give loyal customers some confidence in their airline.

        • Fenny says:
          30 Mar30 March 01:00

          If BA senior staff are reading this, why aren’t they doing something about the issue! They don’t give a stuff about the timing and will probably not give a stuff if people can’t book the flights they want because of it.

    • Richard says:
      28 Mar28 March 14:44

      “They really SHOULD think about impact of their actions”

      Well, if we’re thinking through consequences, shall we think through the consequences if they HADN’T locked your account? I see no reason not to assume that the email is telling the truth, and someone did manage to log onto your account, even though they didn’t do anything.

      So, are you happy with the fact that some unknown and malicious person can see your future bookings? Know exactly when you’re going to be away from home? See all your contact details, passport number and passport expiry date – everything they’d need to clone your identity? Cancel your bookings or change your flights, if they’re feeling mischievous?

      Luckily, it seems none of that happened – that’s why they say “we are not aware of any access to any subsequent information pages within your account”. But it could have happened at any moment, which is why they had to stop it.

      And remember, it’s not BA’s fault. THEY didn’t leak your password. Someone else did.

      • RIccati says:
        28 Mar28 March 14:53

        We are yet to see any one report from someone being actually ‘hacked’.

        I see that email from BA as vaguely worded, serving no purpose and making misrepresentations. That ‘someone’ who logged into my account could be Awardwallet robot who filled the login form.

        Given the blanket way the accounts got blocked, we will never know if there were specific, actual breaches.

        By the way the whole Household account was blocked (all but one users) I know it has nothing to do with passwords.

      • Liz says:
        28 Mar28 March 15:24

        Hi Richard, what do you think has happened to my account. My BAEC account has not locked me out and my household account miles are all intact but our profiles seem to have lost 40% of our information. The advance passenger information ie. passport information is all gone from our profiles. Upcoming flights etc are all still intact too. We’ve not received any email from BA.

        • Richard says:
          28 Mar28 March 16:18

          I don’t think you need to worry. It sounds like they’ve been active in locking out any accounts which have been compromised, so if yours hasn’t been locked then I would guess there is no suspicious activity on it. Maybe that’s because you’ve been security-conscious and haven’t used the same password all over the web!

          The fact that the some information has vanished from your profile is odd, but it wouldn’t worry me personally. I don’t see any reason why a hacker would do it – it wouldn’t serve any benefit for them, and would just call attention to themselves. I think it’s much more likely that there’s an innocent explanation (maybe it gets reset if you do something-or-other, and you’ve only just noticed).

          Bottom line: nobody can be 100% certain, but in your position I wouldn’t be concerned. It never hurts to change your password of course, so maybe do that – to one which you’ve never used anywhere else.

          • Michalis says:
            28 Mar28 March 17:35

            I use randomly generated 16+ character passwords for my accounts. I don’t use the same password anywhere and yet mine was also locked.

            The way this is handled is a farse. If you think you are hacked then by all means reset the passwords and sent an email to all affected members. Removing the avios and not sending anything is frankly bullshit but I guess not surprising. After all I wouldn’t expect their IT to be better than their product.

      • Paul says:
        28 Mar28 March 15:39

        No one was hacked. BA were attacked, and they overreacted by locking thousands of customers out of their accounts. and zeroing their balances with a ludicrous Ex gratia comment.
        No one is saying they should have done nothing but they are supposed to be a customer service business. The email was inept and looked false; the contingency does not work i.e. how to reset and the lack of information on the web site a disgrace.
        Blaming others in the opaque manner they did was contemptible and I hope award wallet and others challenge that appropriately.

        • Richard says:
          28 Mar28 March 16:22

          “Blaming others in the opaque manner they did was contemptible and I hope award wallet and others challenge that appropriately.”

          They didn’t. Eveyone else jumped to the conclusion about Award Wallet.

          The email is badly phrased, I admit. But when they said “We understand this was login information relating to a different online service which you may have also used to access your Executive Club account”, I don’t think they meant that you used the “different online service” to access your BAEC account. I think they meant that you used the “login information relating to a different online service” to access your BAEC account – in other words, used the same password as you’d used somewhere else, possibly somewhere completely unconnected to air travel.

          • susan says:
            29 Mar29 March 20:36

            I use a BAEC-specific password and have had the three accounts in my HA zeroed. As yet no email from BA to any of the accounts. So if BA is saying that it’s our fault for using the same password on multiple online services then they are talking b*ll*cks.

  • Andy says:
    28 Mar28 March 14:22

    They have a message when you phone now explaining it all and saying the Avios will be credited back to our accounts in the “coming days”.

  • idrive says:
    28 Mar28 March 14:30

    i am locked out as of this morning, yesterday access to ba.com was fine. I use AW, i use EXEC # to get in.

    HAVE YOU ALSO being locked out of IBERIA?? i managed to reset the PIN and i gained access to my IB account immediately with correct Avios Balance.
    Though the below wording on screen:

    PIN update
    From 27/03/15 to 15/04/15

    For security reasons, if you have not done so recently please change your PIN to log in to your Personal Area on Iberia Plus.
    Please, check that your personal information is correct.

    makes me think they really got into big trouble with some hacking action…

    i am now trying to find the way to gain access to my BA as I NEEEED to book multiple flights INCLUDING Easter for which i found a seat. I am in big trouble otherwise.

    • david cliff says:
      28 Mar28 March 14:35

      Out of curiosity, i went to my Iberia account, and got the exact same wierd message, Ive had to enter yet ANOTHER new password ! I tend to agree, there is something big going on behind the scenes !

    • idrive says:
      28 Mar28 March 14:40

      I managed to reset my BA account with a new password. got email quoting account# and Avios balance 0 will call to reinstate it…arghh account shows “Ex-gratia” too..

      while accessing accounts with AW after password reset, Iberia says something like:

      “it is not currently possible to update the account on a mobile version at present please log in with a desktop”
      on a desktop version it won’t allow me to update accounts unless i install the chrome plugin which i am NOT willing to do.

  • DAC says:
    28 Mar28 March 14:30

    can you imagine if the airline industry was governed by the FCA – there would be fines, hearings and action. As it is, nothing will happen to BA for this incompetent action –

    • RIccati says:
      28 Mar28 March 14:46

      Exactly. If the service is insecure they should have shut it down until it is. I.e., if there were massive multiple log in attempts across many accounts.

      If individual accounts got compromised, they should have received definite emails explaining that.

      By sending out vague emails like one above “This appears to have been…”, BA is making misrepresentation.

      Blocking accounts in a blanket way is a woeful approach. Now we don’t know whether a particular account was breached and one should generate a unique password for BA or it was an ‘over-reaction’ and the account was and is really fine.

  • idrive says:
    28 Mar28 March 14:30

    ah, and got no email from BA!

  • Andy says:
    28 Mar28 March 14:50

    Can I suggest we all calm down a touch – all this ranting and raving about incompetent action… please? These things happen sometimes and we’d all be complaining if our accounts were actually fraudulently accessed. Its probably a bit of a wake up call to be honest.

    I just phoned the silver line and they said they aren’t actually as busy as they expected to be – was about a 10 minute wait. No problem – just put the phone onto speak. Very polite and extremely apologetic. Asked some extra security questions and then my account will be sent for prioritised audit.

    • RIccati says:
      28 Mar28 March 15:01

      Fighting fraud does not mean that bank accounts for all of your family must be locked and all funds withdrawn ‘until further notice’.

      It means preventing specific fraudulent transactions and that is what BA should have been doing instead of carpet bombing.

      • Richard says:
        28 Mar28 March 16:43

        “Fighting fraud does not mean that bank accounts for all of your family must be locked and all funds withdrawn ‘until further notice’. ”

        Rubbish. I’ve had all the cards on my Amex account cancelled before now, because someone had skimmed the number of one of them. Until I got new ones I was essentially locked out of the account. It was inconvenient, but it’s necessary, and standard practice.

        • Liz says:
          28 Mar28 March 16:59

          We had a fraud on our Tesco mastercard about a month ago – we also got frozen out for about a week until new cards arrived in the post – but at least they picked up the fraud on the very first transaction – someone tried to use our card in New York!

        • RIccati says:
          29 Mar29 March 15:48

          Well this is a rubbish situation. AMEX gives an option of A.C. card to Platinum Cardholders. It has a different number, expiry and CVV. It remains unused until necessary.

    • Andy says:
      28 Mar28 March 15:03

      Frankly we don’t know the facts yet do we? And pretty obviously this isn’t the same as a bank account.

      This might make us all smile…
      http://www.youtube.com/watch?v=WCqm4H3m3Ew

      • RIccati says:
        28 Mar28 March 15:17

        About facts: I have browsed all 28 pages of Flyertalk thread on the issue and yet to see a report from someone who has actually been ‘hacked’/compromised.

        Either you accept that Avios are a property or not. If we accept the ownership of Avios (whatever they are), then it’s no different from funds in bank account. The bank could only stop delivering on your account, if it is bankrupt.

    • YL says:
      28 Mar28 March 16:42

      Sadly getting through the blue line do take much longer:-(

This article is closed to new comments. Feel free to ask your question in the HfP forums.

New to Head for Points?

Welcome!  We’re the UK’s most-read source of business travel, Avios, frequent flyer and hotel loyalty news. Let us improve how you travel. Got any questions? Ask them in our forums.

NEW: Sign-up bonuses boosted to 3,000 and 18,000 points

Latest Forum Posts

Get 40,000 bonus points (worth 40,000 Avios) and £300 dining credit with The Platinum Card

Check reward flight availability instantly for free!

See a whole year of reward seat availability on one page at SeatSpy.com

Get £10 when you spend £150 on your free Currensea card

Booking a luxury hotel?

Our luxury hotel booking service offers you GUARANTEED extra benefits over booking direct. Works with Four Seasons, Mandarin Oriental, The Ritz Carlton, St Regis and more. We've booked £1.7 million of rooms to date. Click for details.

SME? SPECIAL OFFER TO 12TH MAY EARN POINTS WORTH 30,000 AVIOS WITH CAPITAL ON TAP

Get 20,000 bonus points, four airport lounge passes and your first year free with American Express Gold

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.

Got it!