All of my readers know that you should never reuse the same password on multiple sites. Now, plenty of people are learning that the hard way after thieves used stolen login credentials from other sites to break in to United and American Airlines accounts and swipe frequent flyer upgrades.
The criminals had access to login information from other websites and then attempted to use those same credentials to log into United's MileagePlus accounts and American Airlines' AAdvantage accounts. This tactic didn't always work, but the thieves were able to access 10,000 American Airlines accounts and "make mileage transactions" in under 36 United MileagePlus accounts. Luckily, they didn't get their hands on any other information like credit card numbers.
United notified customers about the fraud in late December. [Spokesman Luke] Punzenberger said the airline is restoring miles to all drained accounts.
American Airlines is working to set up new accounts for affected customers and is going to pay for one year of credit monitoring for each person as well.