Back in April, we started hearing from readers and travelers that Hilton Honors points were being stolen through Amazon. Somehow, Hilton Honors accounts were being fraudulently linked to an unknown Amazon account, and their Hilton points were used to make purchases via the Hilton and Amazon shop with points feature.
Months later, it's clear the situation hasn't been resolved. We still hear from users almost daily that huge sums of Hilton Honors points have been taken from their accounts. And though many report some success in getting those points restored, there's an ongoing problem.
But not according to Hilton. In a statement to Thrifty Traveler, the hotel chain urged any member who has had points stolen from their account to reach out to Hilton at 1 (800) 548-8690 or through the Hilton Honors Support Page. They vowed to “investigate and make the member whole,” but suggested these issues are relatively minor.
“We ask you to keep in mind the context of our 89+ million member program, as we don’t want to create the incorrect impression that our systems have been breached or there is a widespread issue,” a hotel chain spokeswoman said.
The Hilton spokeswoman did not respond to several questions about the scope of the issue and how many accounts may have been affected.
How are Hilton Points Being Stolen?
Hilton has a massive reach, so what qualifies as a “widespread issue” is relative. But it seems clear that many users have logged into their Hilton accounts only to find a stash of points has been stolen. It's not an isolated problem.
While Hilton has vowed to restore points for affected users, it's unclear how long that process takes – we've heard from many travelers who are still waiting weeks later.
The problem goes back to the ability to use Hilton points for purchases at Amazon, one of several changes Hilton made to its Honors program back in 2017. By linking your Hilton and Amazon accounts, you can buy things on Amazon by using Hilton points at a rate of 0.02 cents each – so 500 points = $1 on Amazon. This is a poor value and we wouldn't recommend using Hilton points on Amazon.
But here's the big issue: There is nothing stopping you, or any user, from linking a Hilton Honors loyalty account to an Amazon account with different names. It seems hackers gain control of Hilton Honors accounts, then connect a different Amazon account. From there, they can use the points to shop on Amazon.
If that happens, users get the following email, and shortly afterward, all of their Hilton Honors points disappear as they are used to make purchases via an unknown Amazon account.
The simple solution here appears to be a verification process to ensure the owner of the Hilton Honors account and the owner of the Amazon account are the same person. It seems that's not in the cards, at least not yet.
The Hilton spokeswoman encouraged members to “protect Hilton account information the same way they would an email or bank account, which includes reviewing account transactions on a regular basis and using strong passwords that are frequently changed.”
How Can You Protect Yourself?
Because hackers appear to be accessing Hilton accounts, we strongly recommend updating your Hilton Honors account password. It's hard to know for sure, but these hackers may be gaining access to Hilton accounts through a past data breach, perhaps one that exposed other accounts where users have the same login credentials as with Hilton. Updating your password should help stop this problem in its tracks.
Unfortunately, our research shows you can have multiple Amazon accounts linked to the same Hilton account, so proactively linking to your Amazon account won't be enough to stop the potential theft of your Hilton Honors points.
Bottom Line
The scope of this breach is a mystery, but it seems obvious there is a serious problem here. Months later, we still constantly hear from readers about points getting stolen.
Make sure to update your Hilton Honors account password as that appears to be the start of the fraudulent activity.
According to this flyertalk post, only linking ONE Amazon account is not enough
edit:
forgot to paste link
https://www.flyertalk.com/forum/31017067-post9.html
Thanks for the heads up. I just tested this with my wife’s Amazon account and my Hilton account and you can definitely link more than 1. Yikes. I have updated the post to reflect this.
Just woke up this morning- 400k points missing! Received the same email listed here. Called Amazon and they are pretty much clueless. Will try to reach out to Hilton, and see the explanation.
https://thriftytraveler.com/hilton-honors-amazon-points-stolen/
Please refer to the original article and all the responses. I’ve had nearly 1 million points stolen on Amazon. It’s been over a month, no response, and no being made whole. I was finally assigned a case number. Amazon acts as though they’ve just heard of it, but Hilton Honors is not in the dark. Unfortunately, the fraud investigations must begin with them. If you partake in social media I would tell your story. I’ve been doing that. In the meantime, HH is in no hurry to restore our points. It’s very distressing as I was going to use my points for a vacation, which I’ve never had. All these years of loyalty to Hilton Hotels – down the drain – for now.
Clearly, this IS a wide-spread AND on-going problem. It just happened to me this weekend–over 800,000 Hilton points fraudulently used to make purchases on someone else’s Amazon.com account. I’ve never even linked my Amazon and Hilton accounts. How can this happen from a relationship between two companies as large as Amazon and Hilton? I feel inclined to forever sever ties with both after this avoidable security debacle.
I have had the exact opposite going on since around June 23rd with their AMEX points linking. Several times since that day, I have been able to see someone else’s AMEX card in my account set to default pay with points. I kept removing it and resetting my password per Amazon because they continue to tell me it is an unauthorized user getting access to my account. I have since set up the two step authentication, so I can’t even get in my own account without the code to my cell phone. I woke up this morning to more emails for “my gift card reload” and could see the AMEX in there AND the ability for me to make purchases to it or use the points, which is a huge security issue. If I had gone in not checking and just made a purchase for something I needed, it would have default billed to that AMEX, which is a security issue I want no part of. Note – whoever this is, they have not altered my account information in any way, have not changed the billing address for this card from my address, so I would think that payment would fail card authentication with merchant service if they actually hacked into my account and entered this card information, leading me to think this is more of an account linking issue with their points partners. The gift card purchases are for small amounts and as if gifts for co-workers or something coming from a business account. I have already wasted so much time with Amazon and the answer is always the same, that an unauthorized user must have accessed my account. Today, I “unenrolled” the card first and then removed it in hopes this stops.
I have had points stolen twice now. The first time it was 620K points. It took me a month, 7 emails and 4 phone calls to get the points back. Two days ago 670,000 points were drained. When I called, they acted like I had done something wrong. I don’t even have an Amazon account. I never asked for them to add Amazon to my Hilton account and now I have to spend my time lobbying to get back the points I earned by being loyal to a brand.
Happened to me this week too. The first time I called the diamond agent touted their new 2FA they were “testing out”, but it’s only used when you call into customer support, not when logging into your account, so not very useful. I had already linked my Amazon account to prevent something like this from happening only to discover you can link your Hilton account to 3 different Amazon accounts.
Even if this was a breach, I doubt it came from an external source as the hackers would plausibly have your password if you used it for multiple accounts, they would still need your HHonors account number to log in.
I spoke with another Diamond agent today because I needed to know exactly how many points were stolen for whenever they are returned. She actually admitted to me that this is a significant and widespread problem for Hilton after the first couple skirted around the question.
I lost over 500,000 points on Friday via the same issue. Trying to work with Hilton Fraud. Like others, I had planned to use some for 2 upcoming trips. If anyone else has helpful steps to successfully restore their points, I would greatly appreciate it.
Just be on HH Fraud Dept. like a dog with a bone. They restored my points after about a month or more. They should sever their relationship with Amazon. This arrangement seems to have as many holes as the Titanic, and Amazon will tell you they can’t see the linked account so you have to start with Hilton. Good luck.
I have just found out that this happened to me... 700K. I have never redeemed points for Amazon purchases.
Same here… Linked my Hilton Honors account to an Amazon account and stole about 200k points. All in the span of 30 minutes or so. I contacted Hilton Honors to open a case. We will see how it goes.
It’s been a month since mine were stolen and reported, other than the “we resolve fraud claims in 7-10 days automated email” I’ve heard nothing from the Hilton camp. I reported within 2 hours of them being used. It was nice of the thieves to leave me with 2 points though.
I just found out today that I lost 1,600,000+ through this hack! Fingers crossed my points get restored. You would think this is costing Hilton enough that they would have done something about this by now.
Class action lawsuit against Hilton for fraud. This is not weak security, this is Hilton stealing from their customers. Will be retaining legal counsel to sue Hilton in court if my points are not immediately given back and Amazon redemptions are blocked. All transactions are logged and if we subpoena records, we will find no Amazon transactions were made or they were laundering thru Amazon to keep points redemptions off the balance sheet. I have let the CEO know in email and have contacted the FBI Internet crime center as well. A simple test is if my points get immediately returned and Amazon is removed till the security issues are fixed. I believe it is fraud by Hilton as there are way too many complaints on this matter. I also will complain thru BBB as well as other avenues till points are returned.
Hello, this is not Hilton’s fault. I know where and how these people get their points from. There are plenty of discord servers, telegram servers, websites, etc. where people crack Hilton honors accounts and sell them. People then buy them thinking they aren’t doing anything wrong and they’re just getting a cheap Hilton account. They are extremely cheap as well: 350k points only costing about $140 which = $700 on amazon.
Still happening… about 300k points gone. It seems Hilton is getting better at returning these points but still doesn’t solve for the larger issue and fear of a breach. You have to use login credentials to link to Amazon- which tells me they have access to personal and financial info as well.
Just lost 450,375 points this morning and no one will answer why this is still an ongoing issue. Bonus, my account is suspended until they “verify” the fraudulent activity.