
Accor Account hacked and 129393 Reward points used

My ALL Accor account has been hacked and someone redeemed 129393 points at 3:30 am on 7th May. I immediately informed the ALL Accor team and they have asked me to fill in a dispute form.
The hacker used the points to book an iPhone 15 Pro to a German address, which cannot be cancelled.
I am worried about whether I will get my points back.
Any help in this regard is appreciated.

sgoyal9

TF Select
VIP Lounge
I did not even know you could spend Accor points like this. It is absurd that they allow this without some safety net.

Just an FYI: everyone who thinks that Accor cares even 1% is highly, and I emphatically say highly, mistaken.
They do not have even the most basic courtesy or commitment to Indian customers. Even after being a paid Accor Plus member, they do not reply to your messages on their website, you cannot call them, nor is there even a support email!!!
 

drsel

TF Legend
I did not even know you could spend Accor points like this. It is absurd that they allow this without some safety net.

Just an FYI: everyone who thinks that Accor cares even 1% is highly, and I emphatically say highly, mistaken.
They do not have even the most basic courtesy or commitment to Indian customers. Even after being a paid Accor Plus member, they do not reply to your messages on their website, you cannot call them, nor is there even a support email!!!
I don't see the value of paying for a plus membership
 

ShantanuGarg

TF Buzz
Please do not try to access the Dark Web, though there are some sites you can use. Do remember that the Dark Web is basically sites where illegal activity takes place, crypto is the currency, and they are also sites that could be monitored by law enforcement. You could get trapped between the law and threat actors, especially if you don't know how to mask your trail, use professional-grade VPNs, etc.

To Track Through Google (Dark Web Report):

Another source: https://haveibeenpwned.com/

You will find others from the Net. Look for tracking from reputed sources.

Google also offers constant tracking of your data on the Dark Web through a Google One membership.

Yeah. Use this.
 

Mr.Payne

TF Buzz
My ALL Accor account has been hacked and someone redeemed 129393 points at 3:30 am on 7th May. I immediately informed the ALL Accor team and they have asked me to fill in a dispute form.
The hacker used the points to book an iPhone 15 Pro to a German address, which cannot be cancelled.
I am worried about whether I will get my points back.
Any help in this regard is appreciated.
They don't have a 2FA system where they send a code to your phone? Also, did you save your password anywhere?
 

captaintorchtm

TF Premier
VIP Lounge
Those are tokens and not actual card details.

Whenever you transact, the stored token is mapped against the token vault of the card network, where the actual sensitive data is stored, which then goes to the payment gateway, and your transaction is then processed by your card-issuing bank.

So the eCommerce sites actually map the generated gibberish token against the customer data to identify which tokens belong to which account.
Hence if you enter the wrong CVV, the transaction will also go through, as that's how tokenization works.
 

joshuatree

TF Premier
VIP Lounge
Hence if you enter the wrong CVV, the transaction will also go through, as that's how tokenization works.

That's completely messed up. Removes a massive layer of security. Earlier if you put in the wrong CVV the transaction would not go through.

Did RBI not know about this before they mandated tokenisation?
 

captaintorchtm

TF Premier
VIP Lounge
That's completely messed up. Removes a massive layer of security. Earlier if you put in the wrong CVV the transaction would not go through.

Did RBI not know about this before they mandated tokenisation?
A card only gets saved and tokenized if the transaction was successful with the correct CVV, expiry and OTP, so you don't need the details the next time you use the card.
Basically, for a tokenized card you don't need the CVV, but some e-commerce websites like Amazon and many other apps don't want to spend the extra effort to remove the CVV fields and implement separate logic.
If you use Zomato, you will know that you don't need the CVV for tokenized cards.
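The saved-card flow described in the two posts above, as an added sketch that is not part of any post. `TokenVault`, `Merchant`, the merchant ids and the test card number are constructed for illustration; binding a token to the merchant it was issued to is an assumption beyond what the posts state.

```python
import secrets

class TokenVault:
    """Toy stand-in for the card network's token vault (constructed)."""
    def __init__(self):
        self._by_token = {}  # token -> (card number, merchant it was issued to)

    def tokenize(self, pan, merchant_id):
        # Happens once, after a first payment that passed CVV, expiry and OTP.
        token = secrets.token_hex(8)
        self._by_token[token] = (pan, merchant_id)
        return token

    def detokenize(self, token, merchant_id):
        # Only the vault can map a token back to the card number, and in this
        # sketch only for the merchant the token was issued to (assumption).
        entry = self._by_token.get(token)
        if entry is None or entry[1] != merchant_id:
            return None
        return entry[0]

class Merchant:
    def __init__(self, merchant_id, vault):
        self.merchant_id = merchant_id
        self.vault = vault
        self.saved = {}  # customer -> token; no card number, CVV or expiry

    def save_card(self, customer, pan):
        self.saved[customer] = self.vault.tokenize(pan, self.merchant_id)

    def charge_saved_card(self, customer, cvv_field=None):
        # cvv_field mirrors the leftover form field the thread describes;
        # this model never checks it.
        pan = self.vault.detokenize(self.saved[customer], self.merchant_id)
        return "sent-to-issuer" if pan else "declined"

if __name__ == "__main__":
    vault = TokenVault()
    shop = Merchant("shop-a", vault)
    shop.save_card("alice", "4111111111111111")  # well-known test number
    print(shop.saved)                            # only an opaque token is stored
    print(shop.charge_saved_card("alice", cvv_field="000"))
    thief = Merchant("shop-b", vault)
    thief.saved["alice"] = shop.saved["alice"]   # token copied from shop-a
    print(thief.charge_saved_card("alice"))      # declined: wrong merchant
```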
 

shrewdoc

TF Ace
That's completely messed up. Removes a massive layer of security. Earlier if you put in the wrong CVV the transaction would not go through.

Did RBI not know about this before they mandated tokenisation?
You have extra layer as OTPs.

But I feel what you mean. CVVs should have been placed as a 2FA, as in, combined with CVVs and the generated 2FA, it should provide a unique key or token which should then be used for the transaction. But thinking about it, it would be too complex and a poorly efficient way for the banks, IMO.
 

drsel

TF Legend
I guess the hackers simply logged into his email, then found his Accor account, and then did a forgot password/password reset.
 

drsel

TF Legend
Did he by any chance sell an old laptop?
Because that will have all the emails and passwords stored on it.
Even if the laptop is completely dead, the hard disc can be copied.

You should never send your old laptop.
better to keep it in your cupboard or loft as junk
 

joshuatree

TF Premier
VIP Lounge
Did he by any chance sell an old laptop?
Because that will have all the emails and passwords stored on it.
Even if the laptop is completely dead, the hard disc can be copied.

You should never send your old laptop.
better to keep it in your cupboard or loft as junk

Not true. There are many tools available--data destruction software programs, also called disk wipe software or hard drive eraser software. Many are free and give you many options to wipe your disk before you give it to someone or sell it. I use them when returning a laptop to office IT too. Many give you multiple ways of wiping your disks with some military standard wipes too. They take time (around 5-6 hours easily, some can take much more). You can run the software multiple times too.

Here's a recommendation from the experts too: https://www.pcmag.com/how-to/how-to-wipe-your-hard-drive

Do remember -- in a low-income country like India, reusing old computers/laptops is how many get access to a computer. So selling or giving away your laptop after wiping all your data and then reloading the OS is a good thing and also gets you some money back.
 

Prav

TF Select
VIP Lounge
I guess the hackers simply logged into his email, then found his Accor account, and then did a forgot password/password reset.
Yeah, high chance of this.
Coz in every Accor mail they write the number of total available points at the bottom of the main content.
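The "safety net" the thread finds missing can be a hold rule on the sequence suspected above: a password reset followed shortly by a balance-draining redemption shipped abroad in the small hours. This is an added example, not part of any post and not Accor's system; the event format, field names, thresholds and every value except the 129393 points and the 3:30 am redemption time are constructed.

```python
from datetime import datetime, timedelta

# Constructed account events; timestamps are in the member's local time.
EVENTS = [
    {"ts": "2024-05-01T10:15:00", "type": "login", "country": "IN"},
    {"ts": "2024-05-07T03:05:00", "type": "password_reset", "country": "DE"},
    {"ts": "2024-05-07T03:30:00", "type": "redeem", "points": 129393,
     "balance_before": 130000, "ship_country": "DE"},
]

def review_redemption(events, home_country, reset_window=timedelta(hours=24)):
    """Return the reasons the latest redemption looks like an account takeover."""
    redeem = next((e for e in reversed(events) if e["type"] == "redeem"), None)
    if redeem is None:
        return []
    when = datetime.fromisoformat(redeem["ts"])
    reasons = []
    for e in events:
        if e["type"] == "password_reset":
            age = when - datetime.fromisoformat(e["ts"])
            if timedelta(0) <= age <= reset_window:
                reasons.append("recent_password_reset")
                break
    if redeem["ship_country"] != home_country:
        reasons.append("ship_to_new_country")
    if redeem["points"] >= 0.9 * redeem["balance_before"]:
        reasons.append("drains_balance")
    if when.hour < 6:
        reasons.append("unusual_hour")
    return reasons

def decision(reasons, hold_at=2):
    # Two or more signals: hold the order until the member confirms out of band.
    return "hold_for_verification" if len(reasons) >= hold_at else "allow"

if __name__ == "__main__":
    found = review_redemption(EVENTS, home_country="IN")
    print(found, decision(found))
```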
 