United Airlines says it wasn't breached as several MileagePlus members have discovered fraudulent activity on their accounts. It appears usernames and passwords were compromised from a third-party, and the unauthorized purchases began sometime in December 2014, the airline has confirmed. The California Office of the Attorney General was notified about the incident last week.
United is still trying to determine how the information was compromised, as criminals have increasingly targeted loyalty programs for airlines, hotels and other travel industry businesses. The accrued points are easy to cash out for restaurants, rental cars, air travel, hotels, and other perks.
Cybercriminals are finding new methods to find usernames and password credentials to steal - and the fraudulent activity suffered by MileagePlus members is an indication that trend will continue.