On Friday I posted about how without any communication, British Airways locked thousands of Executive Club members out of their accounts. As it turns out, it seems the accounts were shut down for anyone that uses a third party service (like Award Wallet) to access their account balances. I think our community is heavily represented on that front. 😉
When you tried to log into your Executive Club account you’d simply get a message saying:
We are not able to recognise the membership number that you have supplied. Please check and re-enter.
You could log into your account again after resetting your password, though all Avios were missing, which made many members panic.
British Airways’ communication on this issue was abysmal, in my opinion. Hours after shutting down accounts they emailed members to inform them that their accounts had been locked down and it wouldn’t be possible to redeem Avios online for an unspecified amount of time:
We have now locked down your online account to protect it from further access. As part of the lock-down process we have also changed your password and you will need to reset it before you are able to use your account.
For a short period of time, as a precaution, we have also suspended the use of Avios on your account. We will let you know when this suspension period is over.
It looks like this has finally been resolved.
Avios were restored to my account this morning, and I received the following email from British Airways Executive Club this afternoon:
We are continuing to investigate this incident, which we understand was the result of a third party using information obtained elsewhere on the internet to gain access to Executive Club accounts.
At this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.
We also do not believe, at this stage, that any Avios have been removed from your account, so we have now lifted the precautionary suspension on your account and you are free to use it as you wish.
However, if you haven’t yet changed your password as a result of last Friday’s email from British Airways, please visit the British Airways website and follow the “Forgotten PIN/Password?” link, which can be found in the top right hand corner of our main home page.
We would recommend that you continue to be vigilant about any unusual or suspicious use of your personal data.
If you use the same login details for your Executive Club account as you do for your online accounts with any other organisations, we would also recommend that you change the passwords for these accounts.
We are sorry for the concern and inconvenience this matter has caused you and would like to reassure you that we are continuing to take this incident seriously.
I realize account security is a hot topic nowadays as there have been tons of data breaches, though I find this particular incident puzzling.
British Airways is acting as if any third party access to an account seemed like a hack. Were they not previously aware of AwardWallet, or what? Because based on what they’re saying, it seems the cause of their concern was third party account access, and surely that’s not something that’s new to them.
Beyond that, if they were going to temporarily shut down accounts then it seems like they should do that (with an error message reflecting what’s going on) rather than still letting you log in but see all your Avios missing.
I’m happy this was ultimately resolved reasonably quickly, but British Airways, next time maybe:
- Communicate with members better
- Don’t panic when you learn about this thing called AwardWallet 😉
How do you feel about how BA handled the supposed Executive Club account “hacks”?