I’ve nothing to add to the BA hacking saga, but feel free to add your comments here!

Links on Head for Points pay us an affiliate commission. A list of our partners is here.

A huge percentage of Head for Points readers, including myself and my wife, are currently locked out of their Avios accounts.

Changing the password simply shows a zero Avios balance which BA appears to have confiscated ‘for my own good’.

I don’t know anything more except what has been said in the email below. Looking at reports on Flyertalk, it seems that there is NOT a specific exterior service causing the problem.  AwardWallet and TripIt have NOT been compromised.

However, my best guess is that BA is trying to find accounts which HAVE been the target of suspected hacks.  If you are registered with AwardWallet then your account will have been accessed from outside the UK by AW on a regular basis and this may have flagged you as high risk.  This is only a guess.

I have nothing more to add which adds to the discussion, to be honest.  We can use this article for comments on the topic, however.

The letter from BA goes:

Dear Customer

British Airways has become aware of some unauthorised activity in relation to your Executive Club account.

This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to your Executive Club account.

We understand this was login information relating to a different online service which you may have also used to access your Executive Club account.

We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.

We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.

If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts, as well as exercising vigilance regarding any unusual or suspicious use of your personal data.

For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.

In the meantime, however, if you wish to spend your Avios please contact us via your local Executive Club service centre. We will be able to reactivate your account by asking you some additional security questions.

We are sorry for the concern and inconvenience this matter may have caused you and would like to reassure you that we are taking this incident seriously.

British Airways Executive Club team

Get a free Pret coffee, free wi-fi and more via the new myGatwick website
British Airways Gatwick First lounge to close at 3pm ... and permanently from November?
Click here to join the 13,000 people on our email list and receive the latest Avios, miles and points news by 6am.

IHG
Amazon ad
About Head for Points

We help business and leisure travellers maximise their Avios, frequent flyer miles and hotel loyalty points. Visit every day for three new articles or sign up for our FREE emails via this page or the box to your right.

Comments

  1. I have just reset my password and am relieved to see that my Avios balance is still intact – 2.
    Phew!

  2. AndyGWP says:

    Quick update from me (don’t think it’s been mentioned)

    I was away at the weekend, only done the password reset today, and my avios balance had already been re-instated yesterday according to my points history… so doesn’t seem to be dependant on when you unlock your account (for what it’s worth)

  3. Graeme says:

    I got an e-mail from BA last night telling me to log in and change my password, which I’ve done (first time, no problems). That was the first I’d heard from BA about this. My points are as they were, and a check of the statement shows that they were removed on the 27th and replaced on the 30th.

  4. Fenny says:

    I’ve been tweeting BAEC for the last 4 days and still didn’t get any email to reset my password. Finally rang today and managed to speak to someone. He tried to send an email that didn’t arrive. He then said that there had been some issues with the links between user name and email address, so pointed me at the online email address change form. That didn’t work, as it rejected my snail mail address! He tried and had the same problem, so has had to raise an issue with system support. There has been an issue with data resets.

    He was very helpful and explained what he was doing, made notes on my account and gave me his contact info in case I need anyone to speak to him about it in the future. But I still can’t actually access my account right now. Having booked my May trip to the US with Virgin UC,all I need to do now is work out where I’m going in July and hopefully manage to book it before all the changes kick in.

  5. Been waiting for 2 weeks and nothing.
    Piss poor!

    • It really is. It took 2 weeks to sort mine out and it was nothing that BA did that fixed it. Meanwhile, the email that the twitter droid promised has never materialised.

      What you can try and do is change your email address via the form at ba.com/echangeemail. Fill in all your details as requested. If it doesn’t like the first line of your address, try it with just the house number.

      Once that goes through, which may take a couple of days, you will get an email asking you to confirm your new email address. If the link in the email doesn’t work and you get a message saying the systems are seriously f*cked^W^W unable to process the request, go back to the “forgotten password” screen and try again. That should generate a password reset email.

      Well, it worked for me.

      • That tip about the first line was very helpful thanks.

        BA on to me this evening suggesting I change my email address. They clearly can not get to the real issue here but are trying all avenues.

  6. David Froude says:

    STILL NO LOGIN POSSIBLE

    This evening – after 45 mins holding on, very helpful person on Bronze line spends 20 mins with me – still back office “looking into it”. I am also in contact by twitter getting all the same messages – “looking at it” – but I still can not login to BA.com – this is pretty dreadful service, despite the politeness of customer services. Commitment given to advise me of updates to my mobile. Did manage to confirm all my Avios are intact and all those of my household account, who incidentally can login ok themselves.

    Are there any others of you who still can not login to BA.com on your Exec No?

    • Finally, today, I got an email from BA, which says it was nice to hear from me!

      Lots of guff about how frustrating it must be to not be able to access my account and this really doesn’t happen often, but they’ve sent me a link to reset my password and to check to make sure that their emails don’t accidentally fall into my spam bin.

      As it’s 5 days since they said the systems team would contact me and 3 days since I finally managed to get access through my own efforts, I think this is crap.

      • Were you able to login ok?

        • I managed to get access to my account last Saturday, through no effort on BA’s part. Even the password reset link they sent me didn’t work and I had to get in a different way.

          • Are you able to share that way in?

          • I went through the link at ba.com/ecchangeemail. Filled in the form, which told me the first line of my address was incorrect. Worked out that it needed the house number only in the first line. Some days later this generated a change of address email and asked me to click a link to confirm my account. The link was broken (I got a “our servers are unable to deal with this request” message), but I could then go through the “forgotten password” process to generate a password change email.

            Good luck.

    • I am still unable to login to the BA website. I received email informing me of the unauthorised access to my BA account which asked me to reset my password on the 31st of March. Since then all attempts to reset my password have failed as I never receive the email which should follow a password reset request. Two weeks ago I called BA and was told that they were still auditing the accounts. Today I called them again and they said they have raised a ticket to ask someone else to reset my password. I was told this will take 7 days.

      When I requested my password resets through the website, I have tried using my membership number and email address. Neither appear to work. During my first call to BA they confirmed that my email address was correct. There are no spam filters on my email accounts. I’m also still receiving the routine mail shots from BA.

      I think I’ll try changing the email address see if that works.

      • BA need to do some serious grovelling about this cock up. It’s interesting that it’s happened just before the major changes in the Avios programme. Yes, you can still ring up and book online, but I’m sure I’m not the only person who likes to mull things over and then grab an opportunity as it arises on the spur of the moment.

        Even though I have my account access back now, the 2 weeks or so of utter lack of clue I had to endure from BA were abysmal. Being fobbed off with idiotic excuses about IT problems is not acceptable and I certainly won’t be recommending anyone to fly with them where there’s an alternative. All they really needed to do, which I asked for repeatedly, was to get someone to email me, listen to my issue and deal with it. They failed at such basic customer service and then sent me a pointless and patronising email a week too late.

        If any BA managers are reading this, you need to sort out your IT functions sharpish.

  7. Unfortunately our systems are not responding, so we are unable to process your request at the moment.

    We apologise for this inconvenience and suggest you try again later.

    This is the hopeless reply from BA to me clicking on as requested a response to my change of email address with THEY requested I do.

    What is going on?

Please click here to read our data protection policy before submitting your comment.