Now, this is really nice to see. Aeroplan, an airline loyalty points program here in Canada, noticed something was afoot. When reviewing logs…MY $DEITY SOMEONE ACTUALLY DOES THAT, they noticed a coordinated attempt to access numerous accounts. Seems some information on certain accounts were in fact accessed.

Here is the email they sent out:

Aeroplan has discovered and blocked activity on that appears to have been a coordinated attempt to access a limited number of member accounts.

While at this time there is no evidence of any personal information from your profile being accessed, only account balance information, we have taken the proactive step to force a password reset to protect your account. Please read below for details and instructions.

We take our responsibility to keep member data safe very seriously. In keeping with our commitment to the protection of your data we have shut down access to the affected accounts and are asking members who have been impacted to contact the Aeroplan Contact Centre at 1‑866‑964‑1810 or visit to confirm their identities, verify transactions and reset their password and secret questions.

There are also several important steps that you can take to ensure that your data on any site, including Aeroplan’s, is secure:

Avoid using simple passwords based on dictionary words
Never use the same password on multiple sites or services
Never click on “reset password” requests in emails — instead go directly to the service or its website.
Protect your account number and password, don’t share it with untrusted websites, mobile applications or anyone who may not protect this information

Thank you for taking the time to read this. If you have any questions, please do not hesitate to contact the Aeroplan Contact Centre.

I am curious as to what exactly constitutes “a limited number of member accounts”. I should point out that and Esso gas stations they have a cross promotion with Aeroplan. On the bottom of each receipt is printed…your Aeroplan account number. Which, is in fact your username to login to the site.


It would be even funnier if what they managed to detect was users accessing via Tripit Pro.

Just thinking out loud.

(Image used under CC from caribb)

Leave a Reply

Your email address will not be published. Required fields are marked *