Asia Miles to introduce new passwords following cybertheft

Members of the Asia Miles airline loyalty programme will be asked to set tougher passwords after the company reimbursed passengers who fell victim to cybertheft.

Members of the scheme will be asked to set passwords involving both letters and numbers, instead of the present six-to-eight digit numeric passwords.

The move follows the arrests of four Hong Kong residents in January in connection with the theft of 4.7 million miles and gifts worth HK$100,000 from 121 Asia Miles accounts. No further arrests have been made since, police said yesterday.

In a written reply to the South China Morning Post last night, the company said the alphanumeric password format would be introduced in the second quarter of this year, as part of tighter security measures in view of "the suspected fraudulent transaction cases".

A source in Asia Miles told the Post an internal investigation would focus on at least two areas, including an internal data breach and members being duped using digital methods.

One unhappy member, Sam Hon, lost 110,000 miles in two separate hacks - with 80,000 miles used to redeem a return ticket to Milan on January 28, followed by 30,000 miles transferred out of his account on February 11.

"In both cases, the miles were transferred to people whose names follow the [Putonghua] spelling," Hon said. "Over the past week or so, [Asia Miles] have refused to reimburse me the miles, saying the company has no such policy."