Internet thieves put stolen miles toward their big vacation plans

Apparently unsatisfied with American travel habits, as recently reported, internet thieves are stepping in.

News from United Airlines and American Airlines tells us that some wanderlusting troublemakers used stolen account information to book flights and upgrades using frequent flyer miles. No hacking was involved, they say—the thieves used usernames and passwords obtained elsewhere, "hoping that the login information would be the same"—and that means no credit card information was compromised. It also suggests that the end game in a high-profile and very worrying security breach may well have been a lie-flat seat.

Where the thieves booked their dream holidays is, for now, information unavailable to the public (maybe they used the New York Times list?), but a rough approximation of the number of flights booked is on the record. By way of Yahoo, evidence of unsolicited mileage redemptions turned up in "up to three dozen accounts (United) and "two [known] cases" (American).

Yes, American also shared that "about 10,000 accounts were affected," but that is nowhere near the number of hearts Japan Airlines had to break when up to 750,000 of its frequent flyer members had personal data stolen back in the early fall. Nor it is as amusing as All Nippon Airways' March admission that 11 of its account holders had their miles redeemed, by unsolicited hands, for iTunes gift codes. And in the end of this most recent saga, no United or American miles will be lost by anyone affected.

The larger truth here is that by bringing their commerce to the wild internet frontier, airlines, like similarly inclined entities in all theaters, must be proactive in their fight to keep their customers' vitals safe. More security, more login steps, more prompts seeking the name of your cat—it may be annoying, but it's all worthwhile.