JetBlue Account Hacked & Lessons Learned
It is one of the worst possible feelings ever! Have you ever tried to login to a valuable travel rewards account only to find your password doesn’t work? Then gone to reset the password only to find your email address is not on file? Well, that is exactly what happened to me with JetBlue because my account was hacked.
Going For The Mosaic Status Match
I don’t login to my JetBlue account all that often now that the Amazon partnership is mostly dead. Earlier today though I decided to login to confirm my account number for the Founderscard Mosaic status match. When I went to login as mentioned above my account was simply gone.
JetBlue Account Hacked – Doing Some Research
Since my JetBlue TrueBlue account is linked to my wife’s via family pooling, I was able to login to her account and see the activity in our family. The first thing I noticed was a huge redemption for flights from JFK-SFO. Someone wanted to fly Mint really badly!
At this point I knew that I needed to get on the phone with JetBlue. After explaining my situation to a front line rep, she politely confirmed my information and stayed on the line while she warm transferred me to a specialist. JetBlue’s customer service really is top notch in my opinion.
JetBlue Account Hacked – Getting It Fixed
Once on the phone with the specialist, I was informed of what happened. Someone logged into my account and made the above redemptions. Since the name was different, JetBlue flagged the fraud, cancelled the flights and returned the points. They then proactively changed my email address so the hacker couldn’t access the account.
While JetBlue does have the name used to book the ticket, it is possible that it was a fake name. Since ID is almost never checked at the gate for domestic flights, the person could have planned to enter through security with another boarding pass before using the expensive JetBlue flight. Who knows, but I’m just glad I now have my account (and almost 500K points) back.
JetBlue Account Hacked – Lessons Learned
On this account I used a very secure password, but it was a password that was shared with other accounts. Last year I switched to Lastpass and have been updating all of my accounts to even more secure unique passwords, but alas I hadn’t done that yet with JetBlue. Lesson learned.
With so many data breaches happening constantly, I believe now more than ever it is important to use unique high quality passwords on each website and a password manager to easily store them. I was hesitant to do this for awhile, but am so glad I switched last year. Now I just need to make sure I switch over the remaining accounts without a unique password.
Have you ever had one of your loyalty program accounts hacked? What happened? Feel free to share in the comments!
 Chase Sapphire Preferred® Card
Chase Sapphire Preferred® Card is the old king of travel rewards cards. Right now bonus_miles_fullLearn more about this card and its features!
Opinions, reviews, analyses & recommendations are the author’s alone, and have not been reviewed, endorsed or approved by any of these entities.
Happened to me today! Last week I got an email that the email address on my jetblue account had been updated. I immediately called (within a half an hour) and they were able to correct it and told me my points were safe and in my account. Fast forward to today and someone redeemed 112k points. Turns out, in that half an hour, they’d added themselves to my points “pool” and checked the box to allow them to redeem the points. I just got off the phone with Jetblue and they’re working on cancelling the person’s flight (today) and assured me my points will be restored. They’re going to call me back to change my email address as well. I can’t believe they allow an email address to be changed without confirming and that their agents don’t know to check that no members have been added to the pool when someone calls to report this type of fraud. It didn’t occur to me, but sounds like it should have occurred to them.
happened to me too….jetblue has a problem
Hi,
I just had a similar experience around the September, 2018 where my JetBlue account was hacked, password reset, and email address changed. Fortunately, I didn’t have any of my miles stolen.
I got in touch with JetBlue and they sorted out my account, and even encouraged me to change my email address so that the attacker would not receive an email with an accurate new email address.
But what I’m wondering is if there is a systemic vulnerability at JetBlue and started looking on the internet to find recent reports of this. So if you have seen this happen to you, please do leave a comment here. I’ll compile and get in touch with JetBlue via twitter to see if they can investigate, identify a vulnerability.
Happened to me today. I logged in to my Jetblue account to see about making reservations to San Diego and I noticed that my points had dropped from over 35,000 to just 9500. WTF??? So I started the online chat with a representative and she told me to call Jetblue. Jetblue was extremely helpful in resolving this and yes they had a name on the ticket from JFK to DEN but she told me that it is very possible that those points were sold to that person and that person may not have been the person who hacked my account. I don’t think there’d be any difference in the person who stole my points vs the person who illegally bought them. Just my opinion. Anyway.. I changed my email address and password and will be more vigilant.
[…] this week, I read this post about how Shawn, from Miles to Memories, found out his JetBlue account was hacked. It made me think […]
I highly recommend running your email addresses through this tool to see if your passwords have been leaked: https://haveibeenpwned.com/
[…] was expecting yet another post on how an IHG Rewards account got hacked but it..JetBlue this time! Impressed with how JetBlue handled […]
How stupid would somebody be considering that the person named would get nailed easily at the airport or soon after?
I like your theory on the fake name, but if he/she was planning to get in through security with another boarding pass, and the gate usually doesn’t check ID, then why wouldn’t the person just use your name on the reservation so it would be less likely to be flagged?
Good point. Who knows how it all works, but this seems to be happening more and more often.
I was hacked today, in a very similar way, and whoever got access to my account actually DID use my name on the reservation. JetBlue service was excellent and got me my points back. I’m using 1password and generate unique passwords for everything but JetBlue was one of the sites I haven’t done that yet, so not too surprised it was hacked.
that happened to my Hilton Honors account too. I didn’t have too many points in there but it was still a violation. I was notified that my email was changed but got really busy at work that I totally forgot to check into it until after I got home and that’s when I realized my points had been transferred out. I’m not sure if this had any correlation but this happened after I signed up for Awardwallet and liked my Hilton account. They gave me my points back and changed my account. I was in the process as well of changing my passwords but hadn’t gotten to my Hilton account yet when they got into it.
I got hacked too. I had a million Delta miles and then one day Delta made them all worth half as much with no notice.
Nice 🙂
Good one!
So glad you got all your points back! What a terrible experience to go thru.