9 Responses to OK Hilton, gloves are off

  1. Pingback: Online privacy as a policy issue

  2. Heather Kalapodis says:

    I just called HHonors customer service and because I was unable to verify my PIN, I was asked to verify my password. I was shocked and appalled that this information would just be out in the open, available to any representative who wants to see it. I e-mailed them expressing my concern, but based on your post I guess I shouldn’t be expecting them to do anything about it.

    • T.Rob says:

      You are absolutely correct. Neither the PIN nor the password should be available in plaintext anywhere while in Hilton’s custody. Nor should a Customer Service Rep ever ask you to provide these. That is basic account management for the web and a perennial OWASP Top 10 problem. And yet, as you say and my experience shows, probably nothing will come of the report. But thanks for making the report just the same. Sooner or later they must realize we expect better, and when enough of us report that, they may perceive it as a market requirement.

      A guy can dream, right?

      Thanks for the read and the comment.

  3. Pingback: Hilton Customers At Risk of ID Theft, Blogger Alleges

  4. Lakendra Galimberti says:

    Identity theft is very rampant these days; we should always be careful when doing transactions on the internet.

  5. Pingback: Hilton Customers At Risk of ID Theft, Blogger Alleges | Credit.com News + Advice

  6. T.Rob says:

    Updated the post with yet another problem and screen shot.

  7. Jerry Heyman says:

    You either have LOTS of points with them, or their service is outstanding – otherwise why would you put up with all of this?

    • T.Rob says:

      Both of those and a few other reasons. As a consultant for the last 6 years I’ve traveled up to 40 weeks a year and staying at Hilton properties would have been unavoidable. Plus, there’s a workaround so it is at least possible to log in securely even over their open WiFi. But, quite frankly, the other chains all have their problems as well. For example, no Hilton property has ever flooded my room by way of the electrical fixtures in the ceiling. (video) And, as a security guy, it’s been my hope that by sticking with it I might actually get them to change it. It’s easier to do that as a Diamond VIP than as a non-customer.
