Some links to products and partners on this website will earn an affiliate commission.
IHG Rewards Club has long been criticised for its weak security measures – the only password required to login to an account is a 4 digit pin, and you can combine that with either the membership number or email address. In an age where the average aspiring cyber criminal has more processing power in their back pocket than most intelligence agencies did just a few decades ago, a simple 4 digit pin is clearly asking for trouble. When you ask for trouble, it almost always shows up, and in this case that means more IHG accounts hacked by criminals.
Reports on Flyertalk of hacked accounts and fraudulent Points transactions go back years, but the issue seems to be particularly bad right now. Indeed, my favourite Singaporean travel blogger The ShutterWhale just had 339,500 IHG Rewards Club Points swiped from his account this week!
He only noticed because he saw the transaction pop up on his AwardWallet account, which is a good reminder to keep a close eye on your Points and AwardWallet can certainly help with that.
IHG Points are valuable and can be turned into gift cards etc (admittedly at such a poor rate that I almost feel sorry for the crooks!), which are effectively cash equivalents, making large balances a tempting prize for hackers.
At some times my IHG Points balance has been at a level I would easily value in the £1,000s and I know some business travellers have balances way beyond that. Few people would think it a good idea to put thousands in a bank account that had such poor protection, but with our IHG Points we don’t have a choice.
This isn’t intended as an anti-IHG rant (if you want one of those, just ask me what I think about the new website 🙂 ), but constructive criticism. It’s obviously only because I value IHG Rewards Club Points that I care about whether they are secure or not – and introducing a more advanced password system really isn’t a huge ask in 2018.
Check your IHG account now and take good care of your Points and Miles in general, even if the companies themselves don’t always make it easy.
Let’s, perhaps, not take things too far though – my brother managed to lock himself out of his SPG account for weeks after they introduced their new multi-level login protection!
Have you ever had Points stolen from one of your accounts?