If you can’t remember the last time you changed the passwords on your loyalty program accounts, it’s time to make some password updates—or risk being hacked.
As The New York Times reports, hackers are increasingly targeting consumer loyalty programs. These hackers claim our airline miles or hotel points and use them to book free flights or stays, in part because our weak passwords make it easy for them to steal our rewards.
Loyalty programs are “almost a honey pot for hackers,” said Kevin Lee, a risk expert for the digital security firm Sift. They tend to be, he said, “the path of least resistance”: easy to sign up for, shielded by flimsy passwords and often neglected by users. The programs, and their appetite for data, have grown, but security has not kept pace.
Hackers don’t just target high-value travel rewards, either. The NYT reports that one man had 9,700 Buffalo Wild Wings points stolen. According to BWW’s Blazin’ Rewards site, that’s enough for nine free lunches (not counting tax and tip) and one free order of street tacos.
Although some loyalty programs will replace your rewards if you report them stolen, it’s still a good idea to use strong passwords every time you sign up for a rewards program and change those passwords on a regular basis—or install a password manager that’ll handle a lot of the work for you.
After all, you don’t want someone else enjoying that flight, hotel room, or plate of street tacos you rightfully earned.