Recently, one of our members, Nikhil, posted about a fraud incident that happened to him. His Accor account was hacked, and about 130,000 Accor points were used to order a mobile phone to a German address [Original Report Link: Click Here ]. After his post on the TF Community, I shared this on Twitter (X). Fortunately, Nikhil got his points back. However, I have received a few more DMs from some X users reporting that their accounts were also hacked recently, and they are fighting to get their points back. This raises a serious question mark about Accor's security system. How can Accor, one of the biggest hotel chains in the world, not make their security system strong enough to tackle hackers?
I'm mentioning three reports here:
These incidents raise serious questions about Accor's security system. Accor sometimes blocks genuine customers' accounts just for accessing them from a public Wi-Fi connection or from a different location. But how is Accor not blocking these hackers?
Questions Accor Should Answer:
I'm mentioning three reports here:
1. Aruj, an X user, reported that his account was hacked and about 59,200 points were used to order some items to a German address.
2. Sane, an X user, reported that his Accor account was hacked, his email ID was changed, and about 376,000 points were redeemed to order some items. He changed his account password, but the hacker still accessed his account because it was logged in earlier and we don't have an option to log out from all devices. He changed his email ID, but the hacker changed it again. He then changed his email ID 13 times, and the hacker changed it each time. Yet, Accor's system did not flag this as unusual activity. Amazing!
3. Himir, an X user, reported that his account was also hacked.
These incidents raise serious questions about Accor's security system. Accor sometimes blocks genuine customers' accounts just for accessing them from a public Wi-Fi connection or from a different location. But how is Accor not blocking these hackers?
Questions Accor Should Answer:
- Why don't we have the option to log out from all devices?
- Why don't we have two-factor authentication?
- Is changing the email ID repeatedly not considered unusual activity?
- Is there any data leak from Accor? How are hackers managing to access multiple Accor accounts recently?
- First of all, change your Accor account password. If there is any data leak, this might prevent your account from getting hacked.
- Check your account regularly, at least until Accor starts offering a 2FA system.
- If you notice any fraud, immediately report it to Accor. If the hacker orders something, contact the store as well and report it as fraud.
