
Should an airline reimburse your miles if you are hacked? Etihad Guest says no


A few weeks ago Rhys wrote an article on what happened when his British Airways Club account was hacked. Luckily, although not unexpectedly, British Airways reimbursed his stolen Avios.

It is getting more and more common for frequent flyer accounts to be the target of hacks.

This never used to be the case, so what has changed?


The answer should be obvious.

When the only redemption you can book is a flight, hacking a frequent flyer account is a waste of time.

The very best that a hacker can do is book themselves a flight. Unless they plan to travel immediately, the chance of getting away with the hack is very low. Even if they intend to fly a few hours later, there is still a real risk that the account holder notices.

Even if the hack isn’t noticed until after the flight, the airline will still have the passport details of the passenger and the payment card used to settle the taxes. It’s rarely worth the risk.

However ….

Over time, airline and hotel loyalty schemes started to add other redemption options. These were often pseudo-cash (such as Amazon e-vouchers) which suddenly made your mileage account a FAR more attractive hacking target.

Etihad Guest went even further. Via the Etihad Guest Reward Card, you can immediately turn your miles into cash, available to spend via a virtual Visa card added to your smartphone.

This makes Etihad Guest accounts particularly attractive to hackers.

If an airline makes itself a hacking target, shouldn’t they take responsibility?

A reader had his Etihad Guest account hacked recently. He got in touch with Etihad and received the email below in response.

What it says is:

  • yes, we agree you were hacked
  • tough luck, we’re not giving you your miles back

The small print (reproduced below) is interesting. Etihad Guest will consider giving back stolen miles UNLESS the account was accessed using your password (which will always be the case, surely?). If your password was used, you do not get your miles back.

What is especially impressive about this response is that Etihad Guest knows where the stolen miles are.


Etihad Guest allows miles to be transferred to another account for a ‘fee’ of 10% of the balance. This is what happened here.

The hacker moved the balance (well, 90% of it less the 10% fee) to another account, presumably in a false name. From there they will presumably have created a virtual Visa card and headed down to their local shop.

If you have an Etihad Guest balance, make sure your password is secure and different from any other passwords you use.

Here’s Etihad’s response in full:

Dear XXXXXXXX

Thank you for contacting us. 

Upon reviewing our records, we can see that your account has been compromised. We suggest you create a new email address and we will update it to your profile to proceed with activation of your account.  

It is the guest’s responsibility to ensure that all their login credentials are kept secure.  

We strongly recommend regularly changing your passwords and ensuring that the passwords are strong to prevent compromise.

You can log into your Etihad Guest account regularly and keep track of all your transactions by checking the Activity History section.  

Please refer to the following terms and conditions:  

1.1.8 It is your responsibility to ensure that you take appropriate care of your Etihad Guest Card and your Etihad Guest Number (including login password credentials) to prevent unauthorized persons from accessing your Etihad Guest membership account.   

1.1.9 Etihad Guest assumes no responsibility for and is not liable for any unauthorized access by third parties to a member’s account and/or account information, including but not limited to any unauthorized award transaction made from the account, except as provided under applicable laws.

Etihad assumes no obligation to re-credit any unauthorized mileage withdrawal made by third parties. Etihad Guest reserves the right to review, in its sole discretion, requests for re-crediting unauthorized mileage withdrawals provided such request is made to Etihad Guest within three months of the unauthorized withdrawal.   

1.1.11 You should not disclose your password and login credentials to another person. Please make sure that your password is not written down and kept with your Etihad Guest Card. Etihad Guest is not responsible for stolen security credentials or passwords and will not re-credit miles for unauthorized redemptions using the guest’s security credentials or password.  

For more information about the terms and conditions, please click here.  

Recommendations:  

  • Change the password for your personal registered email address
  • Check if there have been any changes made to the recovery settings of your email address (such as a change of email or registered mobile number)
  • Due to the email address being compromised, you should change the passwords on all your online accounts
  • Change your Etihad Guest password

Kind Regards,  

Etihad Guest Team



Comments (83)

This article is closed to new comments. Feel free to ask your question in the HfP forums.

  • Rj-24 says:

    So an unethical move by a mythical airline that had the same policy would be to “employ” a hacker and “leak” the passwords for the top points-holding accounts and liberate the points. Would save the airline a fortune.

  • Can says:

    What a shame

  • Gerry says:

    So if Etihad knew where the hacked miles had gone, they are condoning criminality.
    The least they should do is offer to inform the Police.
    These are LOYALTY programmes; it’s supposed to work both ways.
    Okay; we all avoid Etihad now. Very poor indeed.

    • Bagoly says:

      Their response doesn’t say that they haven’t been proactive on that front.

      • NorthernLass says:

        Plus it depends very much on where the hacking took place. The offenders might be in (e.g.) China or Russia with zero possibility of being brought to justice!

    • BBbetter says:

      They don’t have proof it was hacked. What if someone raised a false claim? And why should they compensate for poor password management of the user?

  • Euan says:

    What a patronising email.

  • Nick says:

    I guess the situation is very dependent here… There are multiple types of ‘hacks’ and judging by the email, it seems this example was credential stuffing. It’s technically not a hack, as no systems were compromised, but the account likely shared a username and password with another service that was part of a data breach.

    This is why it’s vitally important to use unique passwords and, where possible, unique email addresses/username combinations. It renders any leaked credentials from one service unusable on another.

    Notably – most banks take a similar stance if cash is withdrawn using your PIN code. There’s an additional level of burden to prove it was stolen from your account in these scenarios.

    • Bagoly says:

      Exactly.
      “Etihad Guest will consider giving back stolen miles UNLESS the account was accessed using your password (which will always be the case, surely?) ”
      They presumably mean that if there is an actual hack inside their systems rather than from the front end then they will refund.

  • Jonathan says:

    We can all hope that the head of the Etihad Guest program or the airline’s CEO will take some time to read over this article and the comments in a couple of days’ time (so by which point all comments will have fully died down), then they can take a good look at themselves and see how a consumer looks at them. They don’t want their loyal customers going elsewhere for their flights, but that’s what they’re half encouraging people to do, made even worse by the (fairly) recent change to the expiry policy of their points…

  • yonasl says:

    Many people sometimes comment that they would not fly to certain countries or use certain airlines due to politics. Everyone can have an opinion for or against doing that. But what we forget sometimes is that while airlines may not represent the politics of the countries they are based in, they are closely related to the ethics and business practices of the country/region. Iberia for instance is insane if you try to pursue your EU261 rights as they know you will never make it through the Spanish legal system. Equally, Etihad seems to behave here like many ME companies where customer rights only exist if you are rich and powerful.

    • BBbetter says:

      +1. Noticed this with many such companies there, though the majority have good customer service. Difficult to shake off the culture of the home base.

    • Lady London says:

      Certain European countries operate like that too

    • Nico says:

      Spot on

  • ColinThames says:

    By their inaction Etihad has just announced “hackers welcome here” if they don’t pursue those illegally stealing points. Anyone with a large balance would be well advised to convert their points into cash now.
    I presume Etihad don’t comply with GDPR guidelines either. BA have to.

    • OverPlanner says:

      GDPR applies to all organisations holding personal data on EU/UK citizens (irrespective of their nationality). Etihad will therefore need to comply. If they are found to be non-compliant, not sure I’d want my compensation to be in Etihad miles based on this article/comments though.

    • Nancy says:

      That’s not what they announced at all. It’s been in the terms forever – if it’s Etihad’s fault the account got hacked, then they’ll reinstate the balance. If it’s the user’s fault that they reused the password or didn’t keep it safe, then Etihad does not take responsibility for that (and rightly so). Instead of converting to cash, isn’t it just easier to keep your password secure and safe?

    • Bert says:

      Problem is if they reimburse you when the hacker has already cashed out, then Etihad take a loss for something that was not their fault.
      If Etihad got hacked then absolutely they should be on the hook and compensate customers, but in this case it looks like the breach isn’t happening on Etihad’s side, rather customer credentials are being compromised from somewhere else and simply being used to log in to Etihad’s system.
