SEATAC, Wash. — A growing number of customers with Alaska Airline miles are reporting their miles disappearing from their accounts after an apparent hack.
Dozens of customers are taking to Facebook and Reddit, with responses flooding in of similar experiences.
Matt Cottingham found out months after his account had been broken into.
He went to buy a flight and found it had been locked.
After hours on customer service holds, he says Alaska Airlines told him his miles had been stolen, though they were refunded.
“The most frustrating part was they told me if it happens again, there’s a chance I won’t get refunded, and I’m like, ‘Well, how am I supposed to know if this happens? How do you guys inform your customers?’”
The representative didn’t have an answer for him. That was one of several questions KIRO 7 sent to Alaska Airlines regarding these apparent hacks.
None of the calls and emails were answered.
In Cottingham’s case, his 150,000 miles was worth around $1,950, according to a NerdWallet estimate.
Several users posting on social media shared similar experiences of long wait times and confusion about what went wrong.
Christopher Budd, a cybersecurity expert, thinks this may be unique to the airline.
“We are clearly in a heightened level of threat for Alaska customers,” Budd said.
Two things lead Budd to draw this conclusion. Unlike other airlines, Budd says Alaska does not require two-step or multistep authentication, where a sign-in with a username and password is accompanied by a code through a text, email or call.
“It’s much harder for attackers to compromise that third factor,” Budd said.
The other is maintenance or an upgrade to the Alaska Airlines website.
Budd says it’s made the website confusing, switching between the old layout and the new. Even he struggled to find where to change a password after about five minutes.
“The Alaska situation creates perhaps a better window of opportunity for the attackers because it’s hard to find where to change your password, so it’s hard to change your password, and Alaska, unlike other airlines, does not offer multifactor authentication,” Budd said.
Budd says people should avoid using similar usernames and passwords and use a password manager to keep track of them.
Cottingham says he is reconsidering his rewards.
“I was on the edge of holding onto that card,” he said, " I’ll probably be doing research after this on better options."
©2025 Cox Media Group
