AGR Account Hacked (Mine, Maybe Yours?)

Advertise with us
Shop deals on ebay
shop deals on amazon
Amtrak Unlimited Discussion Forum

Help Support Amtrak Unlimited Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Dovecote

Dovecote

OBS Chief
Joined
Jul 22, 2009
Messages
847
Location
Miramar Beach, Florida
Upon checking the posting of points to my account my address in my AGR profile was incorrect. It showed an address from Massachusetts. I then checked my wife's profile and her address was incorrect as well (it showed Memphis, TN). Both addresses were corrected yesterday in the AGR profile on my pc. Upon checking them today, mine was correct but wife's address showed Newport Beach, CA.

I called AGR to inform them of the address error and of my concerns. The agent was surprised and spoke to the lead supervisor. The agent was told that concerns such as mine have been noted and informed me that accounts have been hacked. I was told to change the password to the accounts in question. Hopefully this will be the end of this for me.

Here is hoping that your accounts have not been hacked.
 
Last edited by a moderator:
I just looked at my account and it also had the wrong address.

When I called AGR to tell them, they asked if the Parkersburg, PA address was my former address. (I have no idea where that even is!) It got "corrected" (back) to the correct address.
 
Mine was incorrect also. They had me in New Jersey. I was asked many questions to determine that I was the correct person. I was told that this was not a hack, but a glitch that occurred when AGR and Amtrak accounts were merged. My password was reset.
 
the_traveler said:
I just looked at my account and it also had the wrong address.

When I called AGR to tell them, they asked if the Parkersburg, PA address was my former address. (I have no idea where that even is!) It got "corrected" (back) to the correct address.
Click to expand...
Come on . . . Parkesburg PA is an Amtrak station on the Keystone route! :p

My account was correct, for some reason.
 
My address showed as one in Bryn Mawr, PA, so I just changed my password too.

Edit to add: The snail mail version of the targeted Double TQP offer just arrived from AGR with the correct address.
 
Last edited by a moderator:
Rats. I'm still in Battle Creek.

I want the hackers to move me somewhere fun.
 
Ryan said:
I still apparently live here.

Stupid Amtrak, can't even screw up properly and leaves me out. They can't do anything right!
Click to expand...
I hear if you complain to Customer Relations about this egregious oversight on Amtrak's part you'll get a voucher good for future travel, some overpriced cafe car fare or a breakfast meal in the dining car for your pajama clad chihuahua. :giggle: :giggle: :hi:
 
pennyk said:
Mine was incorrect also. They had me in New Jersey. I was asked many questions to determine that I was the correct person. I was told that this was not a hack, but a glitch that occurred when AGR and Amtrak accounts were merged. My password was reset.
Click to expand...
I was initially told by the first AGR agent on Tuesday about the "glitch" when the AGR and Amtrak accounts were merged back in January. The second AGR agent on Wednesday questioned the initial explanation and was informed of the hack after discussing the matter of the lead supervisor. Let's hope our addresses are correct today!
 
Dovecote said:
pennyk said:
Mine was incorrect also. They had me in New Jersey. I was asked many questions to determine that I was the correct person. I was told that this was not a hack, but a glitch that occurred when AGR and Amtrak accounts were merged. My password was reset.
Click to expand...
I was initially told by the first AGR agent on Tuesday about the "glitch" when the AGR and Amtrak accounts were merged back in January. The second AGR agent on Wednesday questioned the initial explanation and was informed of the hack after discussing the matter of the lead supervisor. Let's hope our addresses are correct today!
Click to expand...
My address is correct this morning. I will check again later. Thanks for the heads up.
 
I just saw this, and my address is correct as of this morning. If they sent me somewhere exciting before returning me to New Jersey, I missed it! :p
 
I am wondering why someone would take the trouble to hack into an account like AGR and just change the snail mail address and nothing else. Maybe they thought that AGR is another front for the Social Security Administration or IRS. :D

My guess at present is on a goofup in merging AGR and Amtrak.com accounts together. Happened to just one of the batches during the merge process.
 
the_traveler said:
It doesn't seem likely that this happened "during the merge". My address was fine last week, or whenever I looked last.
Click to expand...
Or some other internal tinkering. Never underestimate the ingenuity of IT system managers at screwing up things internally.

As of now there are no reports of any recent systematic cyber attack on Amtrak. Maybe we will see some soon if this is serious.
 
Last edited by a moderator:
My thought is the supervisor who said it was hacked either had no clue what happened or was trying to put the blame outside of Amtrak.
 
After noticing this thread, I tried to log in to my AGR account. Count not as account was locked out. Called the 800 number and after verifying my identity, they sent me an email to reset my password. All of the account info such as address and AGR points was correct, so I did not have to fix anything other than to create a new password.

If anyone has not logged into their Amtrak/AGR account recently, probably a good idea to do so in case you need to reset the password prior to booking a trip or departing for one.
 
Just logged into my account. No problem, no lock up, no need for new password. Maybe a specific batch of accounts were affected.

Dropbox for example is requiring only a specific batch of accounts to renew and change their Passwords because apparently inadvertently they made an old password file publicly available somehow that contained a specific set of accounts.
 
Just logged in to my AGR account. It appears that my AGR account is unscratched, with the exception of account merger with the Amtrak reservation profile, and a member PIN (don't know what that PIN is for). Address is still the same, login info still valid, and was never contacted by AGR about the hacking.
 
Last edited by a moderator:
bmjhagen9426 said:
Just logged in to my AGR account. It appears that my AGR account is unscratched, with the exception of account merger with the Amtrak reservation profile, and a member PIN (don't know what that PIN is for). Address is still the same, login info still valid, and was never contacted by AGR about the hacking.
Click to expand...
According to my Android app, the PIN is something you can set up for added security when phoning AGR -- so I created a PIN. Don't know how much security a PIN adds to phone transactions? Do know a major rule about online Internet and other computer system passwords -- "never send or store passwords in the clear" -- so AGR phone agents can't , won't, and shouldn't ask for your online account password.

Checked my AGR account both by Android app and internet, no changes since July, did a few updates while online.
 
I'm aware of "no password in the clear". All sites I log in have the password "salted". As for "never send or store passwords in the clear", I also see that employers should follow that rule when hiring employees (i.e. Employees being forced to supply their Facebook password).
 
I got a call yesterday from AGR about this problem.

The agent apologized for the inconvenience. He said it was a software problem, and that some accounts were affected but others were not. He specifically said that the accounts were not hacked or anything like that.
 
Last edited by a moderator:

Latest posts

Back
Top