How Lufthansa Makes It Easier for Hackers to Steal Miles

A hacker stole more than 25,000 miles from my Lufthansa Miles & More account last week. Based on previous experience when reporting fraud to other companies, as I called the Miles & More U.S. phone line, I expected either to be connected with their fraud office or to be contacted by them as soon as possible, in order to get to the bottom of the incident.

Almost a week later, I’m still waiting.

Many airlines have taken measures in the last couple of years to prevent hacking of frequent-flier accounts. Lufthansa’s Star Alliance partner, United Airlines, for example, used to allow logging into an account simply with a four-digit PIN code. It no longer does, having realized that hackers have ways of figuring out such a number — after all, the possible combinations are limited.

Lufthansa, however, seems not to have received that message. You can still log into a Miles & More account with a five-digit PIN code. That was what someone — a Russian hacker, apparently — did last Monday…