Delta Randomly Sent Me My Personal Identification Number

Delta promptly emailed Aaron the PIN from his SkyMiles account. Which is nice and all, except for the fact that Aaron never lost his number and didn’t request the email. The announcement showed up with no prompt whatsoever.

Aware that email accounts aren’t the most secure things in the world, he’s worried email hackers could take this information and use it to rob people. To be more specific, Aaron’s afraid they could rob him.

He writes:

So, here is a screen cap of an email I just got from Delta. For reference it says:

JUST A REMINDER:

Dear Mr Reese,

Forgot your SkyMiles account Personal Identification Number (PIN)? No problem.
Your PIN is: xxxx

Now, I didn’t request this…it was seemingly sent out by their listserv because it gives me unsubscribe instructions. Of course, at the bottom it says “Delta is not liable for losses resulting from unauthorized access to, or use of, a SkyMiles account PIN.” If you aren’t liable, then don’t send it in plain text! Many people use the same PIN for multiple accounts, and so this could be a huge security issue.

Yeah, so don’t use the same PIN for different accounts, especially if you’re a SkyMiles member. That’s easier said than done, but Aaron’s story might just be enough of a kick in the pants to get you to comply.

Comments

Edit Your Comment

  1. Mobius says:

    Someone with a similar email address probably tried to request their own pin and typed OP’s email by mistake. This happens to me ALL the time with my gmail account. Every week, minimum. I don’t see the big deal.

    • UltimateOutsider says:

      Yep. Same here, it happens to me at least once a year that someone types their apparently-similar email address wrong when signing up for a web site or requesting a password reset.

  2. Ravant says:

    This means someone tried to access your account and clicked the “Forgot your password” link. Not a big issue on Delta’s side of things.

    • YouDidWhatNow? says:

      Yes. You should be trying to find out who was wanting your PIN.

      • ShruggingGalt says:

        And changing it YESTERDAY.

      • JohnnyP says:

        I dont know how you log into the site but if you create a “username” then somebody else could use the same one in other places just the OP got to Delta first. Then the other person realizing that there is an account at Delta with that name could have thought it was theirs and requested the pin.

      • mrstu says:

        More likely, someone tried to access their own account with a similar user name/email and made a typo… the fact that you, and not the other person got this means their security is working.

  3. pplrppl says:

    PINs should never be so short. It makes me sick to think of the financial risk I’m exposed to by companies that refuse to let me use a more secure password or PIN.

  4. Aaron Poehler says:

    This is not an issue.

    • ARP says:

      No, it means someone potentially tried to access his account and hoped they could have the location of the PIN changed.

      I would change the PIN right away.

  5. aloria says:

    What Mobius and Ravant said. Someone, either unintentionally or not, tried to request the pin. Though I agree that emailing out the actual pin or password is generally not a great idea– it’s usually better to email out reset instructions (that include some additional verification step such as a security question.)

  6. Randell says:

    Actually this is the system working as designed. Somebody typed in an email incorrectly. If the OP is the only person with access to his email, then he shouldn’t care. If I went to Delta.com right now, and typed in an email of somebody who had a Skymiles number, they would receive the PIN

  7. Javin says:

    Seriously, how is this even a story? Someone else forgot their pin and had a similar account number/name and requested it. How is this not obvious? This happens billions of times a day I would imagine.

    • Kamidari says:

      I have a pretty common first initial / last name at gmail.com address, and it happens billions of times a day to me alone, I think. :

      • Mobius says:

        I’m right there with you, man. The worst is people signing up for dating sites… tax services… MySpace, you name it, using my gmail address. It’s obnoxious. I have a form letter already typed out to send people who write me crap thinking I’m someone else who is too stupid to know and give out their own email address. I SO love double-opt-in now.

  8. Pryde987 says:

    In questionable consumer issues, editors should include a poll at the bottom. Something to the effect of “Is this person too sensitive/irrational/demanding?”

  9. bendee says:

    As has been said, non-issue. You just put in a Skymiles number when you can’t remember your PIN and Delta emails it to you. Go to Delta.com and try it. You enter in your number, they email you your PIN. Someone mistyped their number and Aaron received his PIN.

    How is this even considered a story on the Consumerist? It seems most of the articles have devolved into crying over nothing once someone spends 2 minutes investigating the claim through basic means – Google, public websites, etc. I wish you would spend more time with actual deception and items such as arbitration than the sob stories because the OP decided to email y’all first before talking to a supervisor/manager.

    • RandomHookup says:

      I just went to check this myself. Since Delta asks for your SkyMiles number and not an email address, it’s very easy to transpose numbers and end up getting a PIN mailed to someone else. Just change your PIN and don’t worry about it.

      • chiieddy says:

        The only concern here is Delta sending the actual password/PIN through email which is inherently insecure.

        • erinpac says:

          Not the best practice… but common and I’ve seen worse. Since they aren’t emailing the SkyMiles number with it, it’s still only half the info. Delete the email, rather than saving it, and it’s no worse than most password recovery features.

  10. Dyrenia says:

    Yeah, this kind of thing happens daily. Someone tried to use your account and hit the Forgot Password button. Did exactly what it’s designed to do.

  11. edosan says:

    …so did he notify them like the email said or just come running to Consumerist?

  12. chiieddy says:

    Delta does this whenever you change your PIN as well (so you can keep it in a safe place *eyeroll*)

    Likely someone mistyped their Frequent Flyer # and requested their PIN when it didn’t work

  13. legolex says:

    This happened to me when I called to get a new healthcare card! I never received it after weeks and weeks so I called back and during that call they asked me to confirm my middle name, something they didn’t do on the first call. They also said they didn’t have record of me requesting a new card so that means they pulled up someone else’s account with my name and sent them their own card.

  14. operator207 says:

    Does Consumerist even goto the pages that are in their articles?

    https://www.delta.com/skymilespin/skymiles/enrollment/forgot_pin/lostpin_main.jsp

    You type in your skymiles number. Shit, anyone can make a mistake typing in some random number. This was not a mistyped email address, nor was it “hacking”, this was customer 1234567 who typed 1234568 by mistake.

    Nothing to see, move along.