Those enrolled in United Airlines' MileagePlus program should change their password as a precaution against hackers. It's a reminder that multiple uses of the same username and password combination may be storing up trouble for the future.
United reported yesterday that a number of accounts have been fraudulently accessed using "using login credentials that came from a third party".
This also shows that it isn't always payment card or bank details that are a target for hackers. Last year Booking.com was at the center of a scam whereby customer booking details were hijacked and used to dupe victims into thinking they were pre-paying for hotel accommodation.
A keystone for any security and compliance standard is a strong password policy, covering password length and complexity, age and re-use history, and to rename any default named accounts such as Administrator - browse any of the CIS Benchmark hardening guidelines for examples.
This should be carried over into everyday life too for all personal access credentials - some tips are provided in this article prompted by a similar password/username re-use breach affecting eBay.
More on United Airlines' MileagePlus account breach and the United Advisory note
More on Booking.com scam
More on eBay breach and tips for password policy