We’ve been seeing an increasing number of reports recently of Alaska Airlines Mileage Plan members having their accounts hacked and their points balances wiped out by unauthorized redemptions. If you’re sitting on any kind of balance in your Mileage Plan account, this is something that’s important to be alert to.
For example, we saw this report by Amol in the Frequent Miler Insiders Facebook group a few days ago:
Check your Alaska Airlines account security — I almost had over 500,000 miles stolen today!
Today I got an AwardWallet notification that my balance went down by over 500,000 miles and that there was an upcoming reservation on it. Someone had taken my miles and booked two people a last minute business class award on Qatar from the USA to Doha to China. Luckily I had about 7 hours before check-in so I immediately called Alaska Airlines but there was a 1-hour wait. I was able to log on to my Alaska account and cancel the tickets and get my miles back, then change my password. I finally got a call back from Alaska 2 hours later and reported the reservation details.
My guess is that someone has had my account information for a while, but in the past 2 weeks, I have transferred Amex to Hawaiian and pooled all my family’s Hawaiian/Alaska miles into my account — with the inflated balance, my account was now able to book multiple partner international business standard level mileage awards. I didn’t get a single notification from Alaska – not an email, app notification, or 2FA (which they don’t have). I urge everyone to check your Alaska password security and consider changing it particularly if you have a large inflated balance.
Amol isn’t the only one to have recently reported similar shenanigans by scammers who’ve managed to compromise people’s accounts, so it seems like there’s a spate of these unauthorized redemptions. It wouldn’t surprise me if part of the increase of instances of this happening are a result of people holding larger balances of Mileage Plan miles right now, particularly courtesy of the ability (until recently) to transfer American Express Membership Rewards to Hawaiian Airlines and then on to Alaska.
I’d encountered this same issue myself, although my experience was just over a year ago. I’d gone to book a couple of business class tickets from the US to the UK in May, only to find my account with a very low balance. At first I was kicking myself, thinking I’d let my miles expire. However, when checking the activity on my account I noticed that there were three Mileage Plan Hotels redemptions, all on the same day in February. Based on other reports from people whose accounts were hacked, the redemptions that take place are last minute bookings, usually for premium cabin flights. The reasoning for that is that it gives less time for the legitimate account holder to notice the missing miles and have those reservations cancelled.
On my account, rather than booking premium award flights, someone made several hotel bookings, presumably last minute for Valentine’s Day.
I didn’t notice these redemptions until a few months later, so it was too late for me to cancel those redemptions. I reached out to Mileage Plan to report that my account had been compromised and that someone had redeemed the majority of my miles. They offered to reinstate my miles provided I could provide a copy of my driver’s license or passport showing my legal name, along with a four digit PIN to secure my account in the future. Those documents could be mailed, faxed or emailed, so I emailed them over to speed up the reinstatement of my miles. In the meantime, I changed the password on my account. It took a full week, but Alaska did eventually reinstate all my missing miles which I appreciated.
As part of the process, Mileage Plan placed a restriction on my account which prevented me from being able to redeem my miles online in the future. In order to make a redemption, I’d have to call. That’s not ideal because if you spot some kind of rare award availability, every second can count. Having to call to get your account unlocked and make a redemption could potentially mean missing out on that availability. Alaska did state that the restriction could be removed from my account, but they warned that if my account was hacked in the future and further unauthorized redemptions occurred, they wouldn’t reinstate my miles a second time.
What’s a little frustrating about all this is that Alaska doesn’t offer two-factor authorization on your account. Instead, all someone needs is your email address and password in order to access it. Considering how many data breaches there have been over the past decade, if you’ve used the same email address and password with both Alaska Airlines and at least one other company, your account is even more susceptible to being hacked.
At the very least, you should ensure that your Alaska account has a unique password. In the absence of two-factor authentication, it could be prudent to do what Amol had done and monitor your account balances via Award Wallet. That way you can be notified in the event of any redemptions that you didn’t make, hopefully alerting you in time to cancel them and get the miles reinstated with fewer hassles.
Want to learn more about miles and points? Subscribe to email updates or check out our podcast on your favorite podcast platform.
Same thing happened to me about a month ago!
Thanks for the alert, and sorry to hear about all the people getting their accounts hacked… This has prompted me to go in and make the speculative bookings i was thinking of but haven’t made yet, so that my balance is too low now for any international redemptions.
This happened to me today. Luckily I was checking my account frequently due to an upcoming trip and was locked out so I immediately called. The person had booked a flight and checked in, but the f flight had not boarded. I so hope they arrested the person.
My guess is that the people flying on the fraudulently booked tickets aren’t aware of how it was booked. I imagine they’re buying the ticket from what is, to an extent, a points broker who’s redeeming points from compromised accounts.
Thanks for the alert. Just checked my account and their was 2 1st class tickets booked from TPE to LAX. Cancelled them and changed my password. Thanks
Whew, glad you caught it in time.
My account was also hacked 2 weeks ago….its been a week since I sent in all the documentation but still no movement on my account….I called Alaska and they said they are really backed up so Im assuming you’re right and this is happening a lot lately.
Sorry to hear that you got hit too – hope it gets sorted out soon.
It is completely unacceptable in 2025 for an airline to lack 2FA, especially when they have had a history of fraudulent activity on accounts. If I was a stockholder I would not be happy.
I might need the hacker’s help to get into my own account. I can’t seem to pass the multiple CAPTCHA hurdles required to login. Thank goodness for the app.
Exact same thing happened to me and had to go through same process afterward. FYI, Alaska Mileage Plan service desk is NOT open on Sundays so you can’t unblock your account on Sundays.
Of course, it could be that if Award Wallet has the ability to log in to a person’s account and Award Wallet is compromised . . .
Exactly why I don’t use these kinds of services.
I don’t think I’d ever linked my account to Award Wallet, so in at least some cases it’s been compromised in some other way