bhorv67 Posted May 19, 2023 #1 Share Posted May 19, 2023 This morning I received 3 email notifications from NCL confirming upgrade bids for an upcoming cruise that I didn't request. Each of the 3 bids were for the same dollar amount. Luckily, the bids were still in a pending status and I was able to cancel each from the emails I was sent this morning. I contacted NCL support and they concluded the requests were made outside of NCL's system - which means somehow my profile has been hacked. I changed the password just to be sure. Everyone - be aware, if you see any bids for upgrades you didn't request, be sure to cancel them right away. NCL was not any help in determining how this happened. I would also suggest to update your password if you haven't done so in a while. 1 4 Link to comment Share on other sites More sharing options...
TPgal Posted May 19, 2023 #2 Share Posted May 19, 2023 Thanks for sharing! Also if you use the same ID/password on other sites it would be time to change those as well. More often than not, the bad guys will try the name/password combinations on multiple sites. I know it's hard to remember all the different log ins but use a password manger like 1Password, or even the password saver on google/msft is better than using the same id/password combo on multiple sites. 1 Link to comment Share on other sites More sharing options...
Rare KeithJenner Posted May 19, 2023 #3 Share Posted May 19, 2023 It seems very odd for someone to do that though. I can't see what is in it for them. Maybe I'm missing something, but I would also consider that it could just be an IT error. Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you). As I say, I may be missing something here. 4 Link to comment Share on other sites More sharing options...
schmoopie17 Posted May 19, 2023 #4 Share Posted May 19, 2023 2 hours ago, KeithJenner said: Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you). You would think they would keep a credit card on file for returning customers/Latitudes members, but apparently they don't. Every time we book a new reservation, our PCC asks for the credit card info. Link to comment Share on other sites More sharing options...
Rare BirdTravels Posted May 19, 2023 #5 Share Posted May 19, 2023 Sounds more like a glitch in the bidding system than a security breach. The bidding is run by an independent company, outside NCL, that handle multiple cruise lines and airlines. 2 1 Link to comment Share on other sites More sharing options...
Rare Oceansaway17 Posted May 19, 2023 #6 Share Posted May 19, 2023 2 hours ago, schmoopie17 said: You would think they would keep a credit card on file for returning customers/Latitudes members, but apparently they don't. Every time we book a new reservation, our PCC asks for the credit card info. And this is a good thing as c c have expiration dates so no need to maintain Link to comment Share on other sites More sharing options...
WexIrl Posted May 19, 2023 #7 Share Posted May 19, 2023 Aye seems like an NCL/affiliate issue rather than an attack vector on your PI. Taking a step back and in considering 99% of people do not know how passwords are utilized beyond their input, it is safe to say if someone gained access to your passwords via a cracked string match including a bit of salt on it, there is no way they will utilize that access to make a bid for you..... they get no gain from it. Criminals in this space are there to make easy money for themselves, booking additional NCL addons is not in their interest. Just my opinion, but I would encourage you to regularly change your passwords, not a have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too. Link to comment Share on other sites More sharing options...
fredkelk Posted May 19, 2023 #8 Share Posted May 19, 2023 4 hours ago, schmoopie17 said: Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you). They do store at least some credit card info. I have never been asked if it should be stored but have not had to enter info again when I was adding excursions to my cruise. Possibly the PCC stored it. I do use a cc not attached to my primary bank. I have a separate bank account I use to pay the card. Link to comment Share on other sites More sharing options...
RocketMan275 Posted May 20, 2023 #9 Share Posted May 20, 2023 21 hours ago, WexIrl said: Just my opinion, but I would encourage you to regularly change your passwords, not a have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too. I have at least fifty accounts requiring passwords. Link to comment Share on other sites More sharing options...
pjc49 Posted May 20, 2023 #10 Share Posted May 20, 2023 I think they maintain CC # just for that res. I don't get ask during, but for next cruise I do. Link to comment Share on other sites More sharing options...
Rare eileeshb Posted May 20, 2023 #11 Share Posted May 20, 2023 21 hours ago, WexIrl said: Just my opinion, but I would encourage you to regularly change your passwords, not a have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too. I have almost 350 ID/password combos in my personal account password manager and probably another hundred or so in the manager at work. There is no way I’m going to remember all of those and some of them have a requirement to change the password on a regular basis. Having to remember one or two complicated passwords is a heck of a lot easier than the alternatives. Link to comment Share on other sites More sharing options...
Anashoo Posted May 20, 2023 #12 Share Posted May 20, 2023 Yeah a password manager is almost essential today. If they ever make biometrics the actual password instead of just a way to access your passwords, I’ll be so happy 1 Link to comment Share on other sites More sharing options...
RocketMan275 Posted May 20, 2023 #13 Share Posted May 20, 2023 2 minutes ago, Anashoo said: Yeah a password manager is almost essential today. If they ever make biometrics the actual password instead of just a way to access your passwords, I’ll be so happy Most of the advice on passwords is absurd. Each passworkd- upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little dities to remember the fifty cute little ditties. Link to comment Share on other sites More sharing options...
ChiefMateJRK Posted May 20, 2023 #14 Share Posted May 20, 2023 11 minutes ago, RocketMan275 said: Most of the advice on passwords is absurd. Each passworkd- upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little dities to remember the fifty cute little ditties. You're a victim of corporate IT security my friend! 🤣 Been there, done that. In the grand scheme of things, passwords for financial accounts are the only ones that are all that important. My password for my local utility account? 🤣 God forbid that somebody hacks that and sees what I paid for electricity last month. 2 Link to comment Share on other sites More sharing options...
SeaShark Posted May 20, 2023 #15 Share Posted May 20, 2023 On 5/19/2023 at 10:43 AM, bhorv67 said: This morning I received 3 email notifications from NCL confirming upgrade bids for an upcoming cruise that I didn't request. Each of the 3 bids were for the same dollar amount. Luckily, the bids were still in a pending status and I was able to cancel each from the emails I was sent this morning. I contacted NCL support and they concluded the requests were made outside of NCL's system - which means somehow my profile has been hacked. I changed the password just to be sure. Everyone - be aware, if you see any bids for upgrades you didn't request, be sure to cancel them right away. NCL was not any help in determining how this happened. I would also suggest to update your password if you haven't done so in a while. Did you also call and cancel the credit card that was used to make the bid? If not, why not? 1 1 Link to comment Share on other sites More sharing options...
Rare insidecabin Posted May 21, 2023 #16 Share Posted May 21, 2023 They send the link to the bidding system in an email. I would me more concerned about that being the potential problem area Link to comment Share on other sites More sharing options...
MoCruiseFan Posted May 21, 2023 #17 Share Posted May 21, 2023 4 hours ago, ChiefMateJRK said: You're a victim of corporate IT security my friend! 🤣 Been there, done that. In the grand scheme of things, passwords for financial accounts are the only ones that are all that important. My password for my local utility account? 🤣 God forbid that somebody hacks that and sees what I paid for electricity last month. Absolutely 100% false. Worst advice ever given out on CC! 2 2 Link to comment Share on other sites More sharing options...
Rare cruiseny4life Posted May 22, 2023 #18 Share Posted May 22, 2023 On 5/20/2023 at 7:08 PM, RocketMan275 said: Most of the advice on passwords is absurd. Each passworkd- upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little dities to remember the fifty cute little ditties. But it's ok to enter them in a password manager...because, ya know, that third party software won't get hacked..... Link to comment Share on other sites More sharing options...
RocketMan275 Posted May 22, 2023 #19 Share Posted May 22, 2023 44 minutes ago, cruiseny4life said: But it's ok to enter them in a password manager...because, ya know, that third party software won't get hacked..... And, your solution is what? Link to comment Share on other sites More sharing options...
Rare cruiseny4life Posted May 22, 2023 #20 Share Posted May 22, 2023 1 minute ago, RocketMan275 said: And, your solution is what? I have them all memorized...when I forget, I create a new password for whatever account I forgot. Works for me. I know it doesn't work for many, though. Link to comment Share on other sites More sharing options...
RocketMan275 Posted May 22, 2023 #21 Share Posted May 22, 2023 1 minute ago, cruiseny4life said: I have them all memorized...when I forget, I create a new password for whatever account I forgot. Works for me. I know it doesn't work for many, though. I have fifty plus accounts with passwords. Now how many unique complex passwords can you memorize? Link to comment Share on other sites More sharing options...
Rare cruiseny4life Posted May 22, 2023 #22 Share Posted May 22, 2023 1 minute ago, RocketMan275 said: I have fifty plus accounts with passwords. Now how many unique complex passwords can you memorize? In an effort to preserve a little bit of online security, I won't answer that question. Suffice to say, I likely have the same number (or more) of accounts as you. Also, my memory is like a sieve.:-) Link to comment Share on other sites More sharing options...
Rare insidecabin Posted May 22, 2023 #23 Share Posted May 22, 2023 1 hour ago, cruiseny4life said: But it's ok to enter them in a password manager...because, ya know, that third party software won't get hacked..... Not great for the LastPass users. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now