Thought I would share just to spread the word. I love how they explain the hackers could get your full name, payment card data, date of birth, email, phone number, physical and/or billing address and gender. Then they go on to say, hey, but they didn't get your social security number or passport.
1. Nothing at the link for anyone who is not an American Express card holder.
2. The larger general question is if the hack of Orbitz applied to all of Orbitz, and not just Orbitz business with AmEx, and if so the potential compromise exists for anyone who has been booking with Orbitz; not just AmEx card holders.
well, this certainly explains why i received an email saying a new Orbitz account had been opened with my email address, even though that email had been associated with a very old Orbitz account I hadn’t used in nearly two decades.
I immediately used their password recovery features to re-enter the account and found “Doug Johnson” had tried to take control. Calling Orbitz was next to useless. Their foreign workers were pretty clueless in general and clearly clueless about a system-wide hack. they claimed I had no account with them before the hack, etc. At any rate, I did get them to shut the account down, plus, given their HORRIBLE customer service, I’ll never deal with them again.
A similar thing happened with my Netflix account (which I DO use) a couple of weeks before the Orbitz one, which got me mildly paranoid that there might be malware on my laptop, but given my precautions and scans that seemed unlikely.
I suspect the Netflix hackers used the data from the Orbitz hack to get into my Netflix account.
At least smart companies send out emails when the primary parameters of an account are modified.
BTW, a lesson learned earlier: never, ever leave a credit card on record if at all possible. I had a newegg account hacked a few years ago and the hackers bought a (supposed) non-refundable gift card with the CC on record. I then removed all the on-file CCs I could from that and all other accounts.
Another lesson: whenever possible, especially with financial accounts, do not use obvious personal information for the login ids and always use a different password for every account, no matter what. I now use long, difficult passwords, but use a program called Roboform to keep track of all of them.
