The mystery of my British Airways Executive Club account deepens. And I have a theory.
My bizarre August British Airways account hack
In August I posted about some weird activity with my British Airways Executive Club account. Specifically, I was emailed a rejection for a status match request I had made, as well as a rejection for missing mileage credit I had requested with Executive Club.
There’s only one small catch — I hadn’t requested the missing mileage credit or the status match.
I’ve certainly had readers do malicious things, though I’m not sure what exactly this would have accomplished. Them trying to get me BA Gold status seems like a favor more than anything. I didn’t investigate much further, since I assumed it was a one-off and just wasn’t worth investigating too deeply, given that I didn’t get credited miles or status I didn’t deserve, or anything.
My even more bizarre British Airways account hack
Well, several months later this just got weirder. A lot weirder.
Yesterday I received four emails from British Airways Executive Club confirming I had requested missing mileage credit for two airberlin flights and two Qatar Airways flights:
The emails had indicated that the requests were being passed on to the airlines operating the flights, and that I’d receive confirmation of missing mileage credit within eight weeks.
Now I didn’t actually request that mileage credit, given that two of those flights were award flights and two of them were credited to American AAdvantage (even if it was a real pain to get them credited).
It gets much weirder.
Shortly thereafter I received the following email from British Airways:
Thank you for requesting Avios and Tier Points for your recent flights with us and our partners.
I have credited your missing flights with us and submitted your claim for your Qatar Airways and airberlin flights for them to check and approve.
You can keep track of your claim by logging in to your account on ba.com and clicking on ‘Claim missing Avios’ then ‘Where is my BA partner claim?’.
If they accept your claim, we will usually credit your account within 28 business days. If your claim is unsuccessful we will contact you to let you know if we need any more information, or if your flight is not eligible to earn Avios or Tier Points.
Remember – if you flew with airberlin on a JustFly fare, this does not earn Avios or Tier Points, so we will be unable to credit your account.
When you fly with airberlin or Niki on short and mediumhaul routes with no Business Class cabin, only some fares will earn Avios. On FlyFlex+ fares you will earn 100% of the miles flown, on FlyClassic fares you will earn 50% of the miles flown, on FlyDeal fares you will earn 25% of the miles flown, while on JustFly fares you will not earn Avios or Tier Points. Flights with these fares will credit to your account as Y, M, P and A class respectively, even if your ticket shows a different class which would earn Avios on longhaul or codeshare flights. On codeshare or longhaul flights you will earn Avios and Tier Points according to the class shown on your ticket. You can see the list of classes and fares which do earn Avios on ba.com.
I have checked your booking and can see your Alaska Airlines flights were paid for using Avios. I’m sorry to say tickets purchased using Avios, On Business points or our partners’ frequent flyer programme miles, kilometres or points do not earn Avios or Tier Points, so I am unable to credit your account.
I’m happy to say that I have transferred your membership to Silver and ordered you a new card, which you will receive in the next 28 days. Your new status will show on your account in the next 24-48 hours.
Until you receive your new card, you can order a digital copy of your membership card on ba.com or the BA mobile app. The digital card is just like a plastic card – it has your name, membership number and card year expiry date but there’s no need to carry it with you. It still allows you take advantage of your membership benefits while you’re at the airport.
Woah, someone requested missing mileage credit for my account for about a dozen flights. Enough flights so that I qualified for BA Silver status and earned 50,000+ Avios I didn’t deserve.
Apparently someone even tried to request missing mileage credit for the Alaska award flights I took which I booked using Avios.
The issue, of course, is that the eligible flights are ones I already credited to American AAdvantage, and while I’d love to “double dip” earning miles, I also know that’s not right, and for that matter could cause them to suspend my account.
What could the motive be?
This is bizarre:
- What would someone’s motive be for requesting a status match for me, and for requesting additional miles? Are they trying to help me out (as they perceive it)? That seems a bit backwards, no?
- If their intent was to spend the Avios and they had full access to my account, you’d think they would change the email address on file so that I wouldn’t be alerted every time such a request is made.
- The strangest part is that missing mileage credit was requested partly for flights which I in no way shared publicly; in other words, it’s not just flights I reviewed or flights I posted Instagram pictures from, but a few others as well.
This leads me to two theories:
- It sure seems like the goal might not be to hack my account so they can spend my miles, but rather that they’re trying to get me in trouble with the airline(s) by requesting duplicate mileage; in other words, if I’m credited all these miles and don’t say anything, the airline(s) could certainly go after me and take back the miles and suspend me from the program.
- While I can’t say it with certainty, the fact that credit was requested even for flights I never wrote about suggests it’s someone with inside knowledge of my itineraries, perhaps even someone at an airline who would have access to my itineraries.
I find this kind of account hack to be super creepy. It’s one thing if someone changed the info on my account and tried to steal miles from me, which would at least have a straightforward motive. But the motive here isn’t as apparent. If they were trying to steal miles from me, presumably they’d change the info on the account so I didn’t receive notifications. And for that matter no miles have been redeemed.
Further, the inside knowledge of requesting miles for flights I never wrote about suggests this is someone who has access to all of my travels, perhaps someone at an airline (it could be any of a few airlines).
I’ll be reaching out to British Airways once this post publishes to see if they’ll investigate this with me. I figured it made sense to publish the blog post with all the background first, given that this is probably a bit too complex to handle through the traditional customer service email. It’s much easier to be able to link to this blog post and lay everything out.
Anyone have a theory as to what’s going on?