Hilton Amazon Hacks
Recently there has been a steady stream of Hilton Honors members posting very similar experiences on social media. After building up a decent bank of points, they have checked their accounts only to find that someone has hacked the account and transferred the points balance to an Amazon account. In some cases hundreds of thousands of points have been taken. If you’ve landed on this post because this has happened to you, then thankfully the standard experience seems to be that once you report it to Hilton, they eventually restore the points (possibly with a new account number). However, clearly it’s far from an ideal situation to be in.
Protect Your Account
In the short term it’s not clear what Hilton are doing to prevent this. However, there are a few things you can do which will likely reduce the chances of it happening:
1) Link your Amazon account to your Hilton Honors account.
Whilst it’s never worth using Hilton points to shop with Amazon (because the value is so poor), it is worth connecting the accounts. This is because you can only link your Hilton account to one Amazon account (and the linking is done via Amazon) – which means, once your own account is linked, any potential hacker would have to access both your Hilton AND Amazon account to change the link to another Amazon account. That’s a lot more hard work and likely greatly reduces their chance of success.
To do this, go to ‘Shopping and Dining’ under the points menu on Hilton Honors and click the Amazon option. This will take you to the relevant Amazon page. When you link the accounts remember to untick the ‘use points automatically’ box – or your Hilton points will be used as your default payment option on Amazon.
Edit/Correction – So, thanks to a share on a site in the US, my tiny UK blog has had a month’s worth of traffic in one afternoon! One visitor has pointed out that it may now be possible to add to more than one account, so I have checked this. Hilton confirmed that you can actually link up to 3 family accounts, so in theory to use this method to ‘block’ someone being able to connect to their account, you would actually have to do this three times (more effort – so it depends how worried you are about those points!). Thanks for all the visits and apologies for the error…
2) Turn on Hilton’s Two Factor Authentication
Turning on two factor authentication means that for certain actions you will receive a code by text to verify it’s you. This means not only will the hacker need your Amazon and Hilton account (as above), they’ll also need access to your mobile phone!
To do this go to ‘Enhanced Security’ on the account menu. You’ll receive a code in order to verify and switch this on.
3) Update your password
Finally – the obvious one… If your password is ‘Password123’, then change it to something more secure!!
If you’ve had any experience of this then let us know in the comments. If not, then hopefully the above will help protect your account – and hard earned Hilton Honors points!
Is that a joke? I’m not giving Hilton and Amazon access to more of my data now that they’ve proven they lost it.
Thanks I didn’t know they had two factor available
Thanks for the detailed post. Just FYI – I am able to link my Hilton Honors to more than 1 Amazon account. I did this for my son’s account and for both accounts, I did this in Amazon’s “Shop With Points” section.
Thank you for this – I’ve checked this and you’re correct, you can now actually link up to 3. I have added a correction note above.
I may be wrong, but I think there is a disconnect here. One HH account can be linked to three Amazon accounts. But can more than three HH accounts be linked to a single Amazon account? If so, adding three HH accounts to an Amazon profile would not stop a thief from adding a fourth.
As I understand: The maximum is 3 in both cases. So, for example, if you linked your HH account to your Amazon account, your partner’s Amazon account and a third you’d set up on a different email, it shouldn’t then be possible for someone (e.g. a hacker!) to add your HH account to another Amazon account.
Hilton Honors 2FA currently appears to be just smoke and mirrors. It hasn’t triggered when members perform actions that a typical attacker would. See posts in the past 2 weeks on https://www.flyertalk.com/forum/hilton-hilton-honors/1964813-hhonors-points-stolen-through-amazon-com-10.html#post31436658
This is worse than fake security cameras that are basically a plastic dome with a blinky LED. At least the latter does work for some classes of criminals.