• Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.

Help! Accor points hacked. 62k points deducted

Hisoka

TF Ace
Hi everyone. I had Accor balance of 63k points, transferred them during the time of Axis Magnus devaluation. Since then I'm just adding couple of points before the end of the year to extend their validity. I opened my Accor app after couple of months, and checked all my points were being used in some random Hotels in Dubai and Turkey. I DIDN'T book these and neither did I receive any confirmation mail/OTP on my phone or email. My Accor is connected with my Google account and it shouldn't be easy for someone to login using the same. I've attached screenshots of my transaction history, as you can see they show 0 nights. How is it possible to book a hotel with 0 nights and still consume my points.

I tried reaching customer care but they're not picking up. I tried contacting their reservation team instead, they're suggesting to contact with the customer care team itself. Is this a glitch? What's the immediate thing that I can do?

1742135009006.webp

1742134986414.webp
 
Does Accor not have MFA integrated to their accounts? I am seeing too many people getting their Accor accounts hacked. If there is no integration available, I would probably assume the password you were using for your Accor account was leaked in a data breach.
 
Adding link for references to similar cases :

 
Hi everyone. I had Accor balance of 63k points, transferred them during the time of Axis Magnus devaluation. Since then I'm just adding couple of points before the end of the year to extend their validity. I opened my Accor app after couple of months, and checked all my points were being used in some random Hotels in Dubai and Turkey. I DIDN'T book these and neither did I receive any confirmation mail/OTP on my phone or email. My Accor is connected with my Google account and it shouldn't be easy for someone to login using the same. I've attached screenshots of my transaction history, as you can see they show 0 nights. How is it possible to book a hotel with 0 nights and still consume my points.

I tried reaching customer care but they're not picking up. I tried contacting their reservation team instead, they're suggesting to contact with the customer care team itself. Is this a glitch? What's the immediate thing that I can do?

View attachment 86913

View attachment 86912
Did you use your Accor password for any other website or any other account whatsoever?
 
Send them an email, so you have written proof of all communication. High chances this may resolve in your favour, as Accor rules states that the account holder needs to be present at the time of checkin, which would not have happened in these cases
 
Did you use your Accor password for any other website or any other account whatsoever?
I initially logged in Accor with my Google account, yes that password is shared across few places. I’ve updated my Google password, but most probably password breach should be the case. But I still don’t get it, how did the hacker successfully booked the hotels when I did not receive any confirmation mail for the same. Neither did I receive one after the booking was confirmed.
 
Send them an email, so you have written proof of all communication. High chances this may resolve in your favour, as Accor rules states that the account holder needs to be present at the time of checkin, which would not have happened in these cases
Yes I hope so, the screenshots mention 0 nights which doesn’t make sense anyway. But I read somewhere that Accor support is not that great and we might have to escalate the issue to other platforms like Twitter to get this resolved.
 
Accor is neither picking up my call nor replying to my email.
I sent mail to 2 mail ids
1. customercare@accor.com -> No response
2. members@accorplus.com -> They're saying as I'm not a plus member they can't help me with my concern, kindly contact customer care.

Any idea how much time does Accor takes to reply to the email. Any suggestions of alternative ways to escalate this issue would be really helpful

Edit: Tried calling them today, they're constantly disconnecting my call. What an amazing service!
 
The hotel has to check the passport at the time of check in, to make sure that the passport name matches the reservation.
What if the hacker didn't actually check in, it shows 0 nights in my transaction history. I doubt he'd be going to Dubai and then to Turkiye with a fake ID and passport
 
What if the hacker didn't actually check in, it shows 0 nights in my transaction history. I doubt he'd be going to Dubai and then to Turkiye with a fake ID and passport
Sometimes, it takes a few days for the status nights to appear. I can see you already received 3 status nights on the 8th of January for Movenpick Dubai. That means the stay was probably completed. Correct me if I'm wrong.

There is a "request invoice" option on the Accor app. Request invoice from all the properties that were booked. Let's see whose name appears on them. If your name appears, you can file a proper dispute with Accor. You can scan all the pages of your passport, and send it to them as proof that you were in India during those dates.
 
I initially logged in Accor with my Google account, yes that password is shared across few places. I’ve updated my Google password, but most probably password breach should be the case. But I still don’t get it, how did the hacker successfully booked the hotels when I did not receive any confirmation mail for the same. Neither did I receive one after the booking was confirmed.
Your Google account is linked with Accor, and you did not even receive the emails after booking. Hence, it is clear that the hacker had access to your Gmail account and deleted the confirmation email as soon as it was received. So, you had no clue when the booking was made.
 
Your Google account is linked with Accor, and you did not even receive the emails after booking. Hence, it is clear that the hacker had access to your Gmail account and deleted the confirmation email as soon as it was received. So, you had no clue when the booking was made.
Even if the hacker knew my password, how could he possibly login to my gmail account without me approving it. I have all sorts of 2FA and mobile verification turned on. And even after that, I should've at least received the notification for the same when my Accor points were used
 
Even if the hacker knew my password, how could he possibly login to my gmail account without me approving it. I have all sorts of 2FA and mobile verification turned on. And even after that, I should've at least received the notification for the same when my Accor points were used
This is indeed baffling if you do have 2FA enabled. Maybe you forgot logging off from a public computer. No idea how the hacker managed to do all this - we can only make guesses.

Emails are always sent when the booking is confirmed. Since you did not receive any email, there is a high probability that the hacker did have access to your emails and deleted them.
 
Accor accounts getting hacked these days. My account was also blocked and used in Morocco. Later on raising escalation and they asked some Pledge letter. After investigating for 20 days or so, they have refunded the points.

Changed password with some 25 letters.
 
Last edited:
Accor accounts getting hacked these days. My account was also blocked and used in Morocco. Later on raising escalation and they had some Pledge letter. After investigating for 20 days or so, they have refunded the points.

Changed password with some 25 letters.
Okay that shows some hope. Will it affect that my points were used in Jan and I’m raising the complaint now?
 
Accor accounts getting hacked these days. My account was also blocked and used in Morocco. Later on raising escalation and they had some Pledge letter. After investigating for 20 days or so, they have refunded the points.

Changed password with some 25 letters.
Kindly inform everyone about the entire process in detail, because this is becoming common
 
Back
Top