Yesterday afternoon, I noticed an email from Hyatt regarding my upcoming stay.
At first, I thought that maybe Danielle was planning a surprise, but I know I’ve trained her well enough that if she was taking me to Hawaii, she’d book a stay at the Andaz Maui, rather than the Grand Hyatt Kauai. Duh.
A follow-up email from Hyatt confirming changes to my contact information confirmed my hunch: I’d been hacked. My email address, mailing address and password were all updated on my account, and I’d been locked out of making further changes.
Of course, my first fear was the safety of my points. But I also was worried about other non-refundable stays being made in my name. As nice as a trip to Hawaii would be right now, I’m not really in the mood to drop $5,000+ on the Grand Hyatt next week.
So I called up World of Hyatt, and explained what happened. I was asked to confirm my identity, again, and then again. Problem was, their details about me were now changed, so I looked to them like the hacker, rather than the hackee. I gave my information a final time, and then sat on hold.
Twenty minutes later, the representative came back, said she thought she’d figured out what happened, and informed me I was being transferred to her colleagues. We parted ways, and I said hello to Karen.
Karen clued me in: I was not hacked. In fact, someone with my name, from Colorado, who is a real, seemingly well-intentioned person, had called Hyatt earlier in the afternoon, looking to book a trip to Kauai.
And for reasons beyond anyone’s understanding, he had been connected to my World of Hyatt account. The representative speaking with him had not tried to confirm his identity, and, instead, just changed everything on my account.
An honest mistake, it seems, except that an hour on the phone later, Karen still was unable to fix my account details, to ensure that this was a one-time assurance, to apologize, and to send me on my way. And this was a serious mess-up, from my perspective. Not only did this other person have access to my World of Hyatt account, but that means he had the ability to book stays with my credit card!
Past the hour mark, I’d had enough, and wanted to get off the phone. Karen assured me that she would personally fix everything and follow up to confirm. This morning, low and behold, nothing was changed, but, at least, I was finally able to gain access again to my account, and promptly changed all my information back, and updated my password.
I have reached out to World of Hyatt for an explanation and an apology. In the end, it seems, no permanent damage was done, but this was a serious lapse by an unknown representative, and as a Globalist with World of Hyatt, I would at least like a proper apology for my wasted afternoon.
Moral of the story: be safe out there, point-hackers! If you get an email from a company that your information has been updated and you didn’t make the change, look into your account immediately!