Maximise your Avios, air miles and hotel points

Heathrow Rewards is back online

Links on Head for Points may pay us an affiliate commission. A list of partners is here.

The Heathrow Rewards website had been down for a few weeks with no way for members to access their account. Last week, a slightly cryptic email was sent to members which implied that a data breach had taken place.

The website is now back and you can access your balance, but there are new security policies in place.

Heathrow Rewards website is working again

How has Heathrow Rewards changed its security?

Go to the Heathrow Rewards website here and log in via the head profile in the top right corner.

This is what you see:

Heathrow Rewards website fixed

As well as your email address and password, you will need your Heathrow Rewards card number.

When you attempt to log in, you will need to set a new 12 character password. This is a more complicated process than necessary, requiring you to use a link which is emailed to you.

The good news is that, once you have got through all this messing around, you will be able to get back into your account again.

Hat-tip to Miles from Blighty.

Comments (25)

  • Phillip says:

    Having updated my password, I can still see all the airline redemption options as of this morning.

    • Chas says:

      Like you, I can still see the airline redemption options too.

    • Cats are best says:

      Same here,.

      But there’s a qualifier on each one saying “Until 31/12/2021”, presumably that’s when they end or some other change happens.

      • Phillip says:

        It was the same last year. Last December it said “Until 31/12/2020” and then rolled over the following day.

  • Lynsey says:

    Do you think with less redemption options it’s less likely they will do a promotion on converting into shopping vouchers, had been holding off for one (that and the fact I’ve barely been in Heathrow in the last year)

  • BJ says:

    Wonder if I can finally get rid of my M&M miles.

  • Lynsey says:

    I can’t even log in this morning, they’ve always only ever wanted card number and password never an email address, I have tried both my current email address and an older one that I may have signed up with but both say that the details are wrong, I have done forgotten password (even though I know the password is correct) for both email addresses. Anyone else having problems?

    • Chas says:

      I had problems changing my password once I had successfully logged in. The password rules are clear (at least 12 characters, etc, etc), but I could only get it to work if my new password was exactly 12 characters….

      Even once I’d then successfully changed it, I was unable to log in for a while due to what turned out to be a formatting issue with the card number – despite it being displayed with spaces, it would only work for me if I removed the spaces. Hope that helps.

      • Bagoly says:

        Programmers are fallible, and testing is cut to save costs…
        if len(password) 12 instead of if len(password) < 12

        Similarly when setting up a new account yesterday, Avios.com repeatedly told me that "email address has been used already" but it turned out that it meant "username has been used already".

        • Doug M says:

          Not testing enough to get basics right is crap. Incidentally I’m not sure the password issue is length, I think it may relate to special characters on their list not being accepted.

          • Chas says:

            Maybe I got lucky then that my newly generated password of exactly 12 characters also omitted some special characters which weren’t allowed. Either way, it was a far from seamless process.

      • Andrew says:

        My 15 digit password worked just fine.

        • Doug M says:

          Yes I was able to set a 15 character password eventually. Still won’t let me login though.

      • MrHandBaggageOnly says:

        Thank you for this! I was about to get really grumpy with Heathrow Rewards as I could not log in once I’d reset the password, then read this, deleted the spaces on the card number and was in straight away.

  • Pete M says:

    Now they should allow us to claim back the points we were not awarded during the shut down!

    • Save East Coast Rewards says:

      If you’ve kept the receipts then they will!

  • Muhammad Abdullah says:

    I’ve got £100, considering M&M because I don’t see myself buying anything at LHR these days given no more duty free

    • bafan says:

      I bought some Chanel a couple of weeks ago from WDF and it was still the same price as before, so I guess they are taking the hit for now.

  • Mr. AC says:

    … One day late, had to cash out my expiring M&M points yesterday into an Amazon gift card at a much worse rate… Oh well, you win some, you lose some. Glad Heathrow rewards are back at all.

  • CarpalTravel says:

    Hold on, if there has been a data breach isn’t it their responsibility to notify people potentially impacted in a timely manner, without delay? If this is the case it sounds like they have failed there too.

    Pretty sure I heard that during a moment of consciousness, during my GDPR training….

    • Mark M says:

      My email wasn’t cryptic at all:-
      —————
      We are getting in touch about suspected fraudulent access to your Heathrow Rewards account. This email sets out information about what we believe has happened, what you will need to do to access your account in future, and other steps we recommend that you take now. We would like to reassure you that Heathrow Rewards does not hold any of your financial information or card details.

      How Your Account Was Accessed

      The username and password which you use to login to Heathrow Rewards were used by fraudsters to access your account. We believe your login details were likely obtained by fraudulent activity affecting another platform, unconnected to Heathrow. For example, it may be that your username and password details have been obtained illegally from another website, and then have been used by fraudsters to try and access other online accounts, or that your password is guessable. At this stage, we have not seen evidence that the fraudsters who managed to access your account have made (or attempted to make) any unauthorised transactions.

      When this came to our attention, we acted swiftly to remove all access to the Heathrow Rewards website whilst our investigation progressed. That investigation is ongoing, and we are liaising with appropriate UK authorities.

      Securing Your Account

      In order to secure your Heathrow Rewards account, we have temporarily frozen your account and reset your password. We will be in touch when the Heathrow Rewards website is live again with guidance on accessing and securing your account with a new password.

      Check Other Online Accounts

      As we set out above, Heathrow Rewards does not hold any financial information or bank card details, and no financial information has been compromised as a result of the unauthorised account access.

      However, given that the fraudulent access may arise from a third-party incident or password re-use, we strongly recommend that you review and if necessary update your login details for your other online accounts, especially if you have used the same email address or username and password anywhere else. You should check and monitor those accounts for any suspicious activity. You should also review any partner accounts that are connected to your Heathrow Rewards account. There is more information on how to protect yourself from online fraud and check what details have been made available to fraudsters here: http://www.actionfraud.police.uk/individual-protection.
      —-

The UK's biggest frequent flyer website uses cookies, which you can block via your browser settings. Continuing implies your consent to this policy. Our privacy policy is here.