On July 13, someone hacked into my American Airlines account. I got this email as I was wandering through Target:

None of these details are known to me

My AAdvantage award? I knew right away that my AA account had been hacked. I had about 87,000 miles in there and 85,000 of them were redeemed for a business-class flight from Houston (IAH) to Toronto (YYZ), under the name Deborah Niang.

At first, I was mostly annoyed. I figured I’d call AA when I got home, have them cancel the flight and redeposit the miles, and move on.

Nearly two months later, I have the miles back… but my AA account is completely messed up. Unsurprisingly, after many phone calls and looong wait times, nothing’s been done.

I’m in this liminal space between two AA accounts: my old, hacked one and a new one with nothing in it but the redeposited stolen miles.

Reaching out to American Airlines

OK so, the AA security department closes at 5pm and by the time I got home, was closed. I called back the next day.

The security people were pleasant enough. They closed the old account and walked me through opening a new one. There was no way I could keep the old account or loyalty number. They assured me everything would switch over “overnight, while you’re sleeping.”

What my AA account looked like the night of July 13

My AA account wasn’t amazing or anything – I’m not ultra elite, haven’t flown around the world 10,000 times with AA or anything. I had modest Gold elite status, a handful of loyalty points, and just under 2,000 miles left after the hacking.

I had soooo much stuff plugged into that account

I’d had that account since 2006, so it did sting to lose that loyalty number. I had it memorized and had a bajillion things linked to it:

Two AA credit cards (Citi and Barclays)My Hyatt accountSimplyMilesAA diningAA shoppingBusiness ExtraBilt, for transfers

I explained all of this to the security department, who assured me it would transfer over. All of it: the loyalty points, the million miler status, the credit card for flight benefits, the dining account, and all the rest.

I wanted it to be as easy as that, but that skeptical voice in my head said, “Yeah, right. You don’t really believe that… do you? This is American Airlines you’re talking about! Ha!”

The new AA account, post hacking

Now I have a new, raw AA loyalty account.

This is all the activity in the account, two months later

First and foremost, I wanted to get the miles back. To do that, AA required me to report the loss and get a police report. Within 30 days.

I thought that was a little extreme and I didn’t want to deal with the cops here in Oklahoma City – they’re stretched thin and pointedly asked if I was reporting an “accident, shooting, stabbing, or break-in” when I called.

“Uhhhh… my American Airlines account has hacked? Yeah. And they want me to get a police report.”

To say I was shuffled around to the lowest “I don’t give two shits about this” level of the OKCPD is an understatement. I called and called and called.

I get it: This isn’t that big of a deal in the grand scheme, but American Airlines sent me detailed instructions on what to include in the report and like… just do it. This shouldn’t take days.

American Airlines said my 85,000 miles were worth $2,507.50. And that’s not nothing. So yes, I wanted to report this theft.

The email from AA security

After a million phone calls to OKCPD and a clunky filing system that required filling out forms and sending payments online, I had to wait to receive a paper copy in the mail. (I hope you felt the eyeroll in that italics.)

This is what an OKC police report looks like, in case you ever wondered. Also, “SKY MILES”

I emailed this report to AA on July 27. Later that night, the missing 85,000 miles and whatever was left appeared in my new AA account. And that’s been the extent of all the activity since then.

So guess I’ll just wait forever?

I’ve called American Airlines security back a few times saying something to the effect of “WTF?” So on the second or third call, the representative told me a “bug would crawl” my account (whatever that means) and move over all the missing information (the AA credit cards, my loyalty points, Gold elite status, etc.)

She said that a status challenge promotion from 2016 (?!) was causing the issue and that there’s no way to take it off my account. Yes, a promotion from seven years ago.

Last week, I called again. They said they’d “escalate” it, which is code for shut up and go away.

I can no longer log in to the old account. The new account has nothing in it. I have a couple of trips later this year that I booked with my old AA number. They said those flights won’t be affected, but now I’m not so sure.

I’ve been checking back daily to see if the “bug” has “crawled” my account, but so far: nothing.

Everything attached to the old account is effectively useless now

I tried opening a new SimplyMiles account, but when I went to re-add my cards, the system told me they were already linked to another account. Same for Business Extra. And I’m assuming, same for my AA credit cards and linked Hyatt account and all the other zillion things I linked to the old number over the years.

This is basically a giant hassle and no one is helping me resolve it. My account was hacked and now I’m basically screwed I guess?

I don’t have it in me to be on the phone for more hours or to beg someone to help me with this. This has already taken up way too much of my time already.

Other observations from this “American Airlines account hacked” drama

So that email up there talking about the award redemption was one of many… VERY many. Like, over 1,000 emails gushed into my inbox over an hour.

I’d look every few minutes and dozens more would roll in. It was absolutely crazy-making.

Whoever hacked me added my email to some sort of spam database and the email from American Airlines was buried among them. They were hoping I wouldn’t see it.

Even now, I’m unsubscribing from random email lists (thank gods for spam software).

And despite following American’s instructions to a T, all they’ve done since I emailed the police report is tell me dumb stuff to get me off the phone and then not do anything.

In the end, I have a new, useless account and many services I can’t use with it. Despite assurances of a seamless transition, I don’t think I’ll trust it even if everything does magically roll over.

But, I’m coming up on two months since the hacking and theft and this whole thing is hugely frustrating and time-consuming.

It makes me not want to bother with AA or AA miles or the loyalty points or any of it any more. I’m disappointed, but can’t say I’m surprised. This is exactly what I expect from AA.

American Airlines account hacked bottom line

I’m sharing this to highlight how easily an account can be hacked and the incredible amount of drama required to put everything back into place.

The takeaway for you, dear reader, is to change your passwords often. All of mine are now so “secure” not even I can remember them.

I don’t know what will become of the police report or Deborah Niang or the old AA account – or the new one. This is all so frustrating and will take a long time to fully “reset.” I realize how very white collar this all sounds, but miles are a form of currency and have value. About $2,500 in my case.

Also, just that you can be wandering around Target one minute then bam! – 1,000 emails to scour and literal hours of your life gone to sorting it all out – is rather nuts. And I don’t have any more time to spend on this.

I’m curious if anyone else has experienced this recently? It surely can’t have just been me. Did your situation have a better result than mine? Did American Airlines come through for you? I’m still waiting.

OUT AND OUT - Out for points. Out for money.