Posting this as a warning because this seems way too easy to happen.
This morning I got an email about “my redeemed miles.” I haven’t flown or logged into my Alaska account in months. Logged in within 20 minutes and saw someone had booked two international award tickets. One already flown. One coming up in February.
Tried chat first. They told me to cancel the Feb flight and call another department for the one already in the air. Ended up spending about half the day between chat, hold time, and calls.
I got the miles back for the Feb flight. For the one already flown, I had to lock my account, send photo ID, cancel my connected credit card just in case, change multiple passwords, and now I’m flagged so I have to call and verify identity every time I want to use miles. Not thrilled about that.
I get that reused passwords are a risk. This was an old account and that’s probably on me. What really bugs me is no login alert after months of inactivity, no 2FA for an account tied to real money value, and the general attitude that this was somehow my fault.
If you have Alaska miles sitting around, seriously go change your password.
0