Beware of Potential Security Breach / NCL Website User Profiles


bhorv67

This morning I received 3 email notifications from NCL confirming upgrade bids for an upcoming cruise that I didn't request. Each of the 3 bids was for the same dollar amount. Luckily, the bids were still in a pending status and I was able to cancel each from the emails I was sent this morning.

I contacted NCL support and they concluded the requests were made outside of NCL's system - which means somehow my profile has been hacked. I changed the password just to be sure.

 

Everyone - be aware, if you see any bids for upgrades you didn't request, be sure to cancel them right away. NCL was not any help in determining how this happened. 

I would also suggest to update your password if you haven't done so in a while. 

  • Like 1
  • Thanks 4
Link to comment

Thanks for sharing!   

Also if you use the same ID/password on other sites it would be time to change those as well.   More often than not, the bad guys will try the name/password combinations on multiple sites.  

I know it's hard to remember all the different log ins but use a password manager like 1Password, or even the password saver on google/msft is better than using the same id/password combo on multiple sites.

  • Like 1
Link to comment

It seems very odd for someone to do that though. I can't see what is in it for them.

 

Maybe I'm missing something, but I would also consider that it could just be an IT error.

 

Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you).

 

As I say, I may be missing something here.

  • Like 4
Link to comment

2 hours ago, KeithJenner said:

 

Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you).

 

You would think they would keep a credit card on file for returning customers/Latitudes members, but apparently they don't. Every time we book a new reservation, our PCC asks for the credit card info.

Link to comment

2 hours ago, schmoopie17 said:

You would think they would keep a credit card on file for returning customers/Latitudes members, but apparently they don't. Every time we book a new reservation, our PCC asks for the credit card info.

And this is a good thing as c c have expiration dates so no need to maintain 

Link to comment

Aye seems like an NCL/affiliate issue rather than an attack vector on your PI.

Taking a step back and in considering 99% of people do not know how passwords are utilized beyond their input, it is safe to say if someone gained access to your passwords via a cracked string match including a bit of salt on it, there is no way they will utilize that access to make a bid for you..... they get no gain from it.

Criminals in this space are there to make easy money for themselves, booking additional NCL addons is not in their interest.

Just my opinion, but I would encourage you to regularly change your passwords, not have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too.

Link to comment

4 hours ago, schmoopie17 said:

Do NCL store credit card details? I don't think they do in the UK, so it seems a very odd thing for a hacker to do (i.e. try to upgrade your cabin and pay for it for you).

They do store at least some credit card info. I have never been asked if it should be stored but have not had to enter info again when I was adding excursions to my cruise. Possibly the PCC stored it. I do use a cc not attached to my primary bank. I have a separate bank account I use to pay the card. 

Link to comment

21 hours ago, WexIrl said:

Just my opinion, but I would encourage you to regularly change your passwords, not have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too.

I have at least fifty accounts requiring passwords.

Link to comment

21 hours ago, WexIrl said:

Just my opinion, but I would encourage you to regularly change your passwords, not have the same password for all your accounts/logins, and not use a 'password manager'... because they also can be compromised too.

I have almost 350 ID/password combos in my personal account password manager and probably another hundred or so in the manager at work. There is no way I’m going to remember all of those and some of them have a requirement to change the password on a regular basis. Having to remember one or two complicated passwords is a heck of a lot easier than the alternatives.

Link to comment

2 minutes ago, Anashoo said:

Yeah a password manager is almost essential today. If they ever make biometrics the actual password instead of just a way to access your passwords, I’ll be so happy

Most of the advice on passwords is absurd. Each password - upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little ditties to remember the fifty cute little ditties?

Link to comment

11 minutes ago, RocketMan275 said:

Most of the advice on passwords is absurd. Each password - upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little ditties to remember the fifty cute little ditties?

You're a victim of corporate IT security my friend! 🤣  Been there, done that.  In the grand scheme of things, passwords for financial accounts are the only ones that are all that important.  My password for my local utility account?  🤣  God forbid that somebody hacks that and sees what I paid for electricity last month.

  • Haha 2
Link to comment

On 5/19/2023 at 10:43 AM, bhorv67 said:

This morning I received 3 email notifications from NCL confirming upgrade bids for an upcoming cruise that I didn't request. Each of the 3 bids was for the same dollar amount. Luckily, the bids were still in a pending status and I was able to cancel each from the emails I was sent this morning.

I contacted NCL support and they concluded the requests were made outside of NCL's system - which means somehow my profile has been hacked. I changed the password just to be sure.

 

Everyone - be aware, if you see any bids for upgrades you didn't request, be sure to cancel them right away. NCL was not any help in determining how this happened. 

I would also suggest to update your password if you haven't done so in a while. 

 

Did you also call and cancel the credit card that was used to make the bid? If not, why not?

  • Like 1
  • Haha 1
Link to comment

4 hours ago, ChiefMateJRK said:

You're a victim of corporate IT security my friend! 🤣  Been there, done that.  In the grand scheme of things, passwords for financial accounts are the only ones that are all that important.  My password for my local utility account?  🤣  God forbid that somebody hacks that and sees what I paid for electricity last month.

Absolutely 100% false.  Worst advice ever given out on CC!

  • Like 2
  • Haha 2
Link to comment

On 5/20/2023 at 7:08 PM, RocketMan275 said:

Most of the advice on passwords is absurd. Each password - upper case, lower case, special character, number, at least eight characters, all random and don't use the same password in more than one place. Then they tell you not to write them down. They tell you to memorize a cute little ditty to remember the password by. OK, got it. Now I have fifty passwords. Do I need cute little ditties to remember the fifty cute little ditties?

But it's ok to enter them in a password manager...because, ya know, that third party software won't get hacked.....

Link to comment

1 minute ago, cruiseny4life said:

I have them all memorized...when I forget, I create a new password for whatever account I forgot. Works for me. I know it doesn't work for many, though.

I have fifty plus accounts with passwords. Now how many unique complex passwords can you memorize?

Link to comment

1 minute ago, RocketMan275 said:

I have fifty plus accounts with passwords. Now how many unique complex passwords can you memorize?

In an effort to preserve a little bit of online security, I won't answer that question. Suffice to say, I likely have the same number (or more) of accounts as you. 

 

Also, my memory is like a sieve. :-)

Link to comment