All of my readers know that you should never reuse the same password on multiple sites. Now, plenty of people are learning that the hard way after thieves used stolen login credentials from other sites to break in to United and American Airlines accounts and swipe frequent flyer upgrades.
The criminals had access to login information from other websites and then attempted to use those same credentials to log into United's MileagePlus accounts and American Airlines' AAdvantage accounts. This tactic didn't always work, but the thieves were able to access 10,000 American Airlines accounts and "make mileage transactions" in under 36 United MileagePlus accounts. Luckily, they didn't get their hands on any other information like credit card numbers.
United notified customers about the fraud in late December. [Spokesman Luke] Punzenberger said the airline is restoring miles to all drained accounts.
American Airlines is working to set up new accounts for affected customers and is going to pay for one year of credit monitoring for each person as well.
United is now making all MileagePlus customers enter their account number along with other login information when they're signing on. That way, criminals with username and password data from other sites still won't be able to break into accounts.
There's also a simple way you can protect your accounts from hacks like this. Never use the same password on multiple accounts. It's one of the top mistakes people make when creating passwords.
I know that keeping track of all of those long, complicated passwords can be tough. That's why it's smart to use a password manager. They store all of your passwords on your computer or gadget and are protected by a master password.