Avios Linking Nightmare: 50-Year Ban After BA Account Hack
The article highlights a critical and unforgiving security feature within IAG Loyalty's ‘Transfer Avios' system, previously known as ‘Combine My Avios', which enables linking British Airways Executive Club accounts with other partner loyalty programs like Qatar Airways Privilege Club. While the platform's overall usability is commendable, a specific unlinking rule presents significant risks. This rule dictates that once a British Airways account is unlinked from an external airline loyalty account, it cannot be relinked to that specific external account, intended as a security measure to prevent hackers from permanently linking compromised Avios accounts to their own.
However, this security protocol has a severe drawback, as illustrated by a reader's experience. His British Airways account was hacked, and the perpetrator linked it to a controlled Qatar Airways Privilege Club account, subsequently draining over 300,000 Avios. The reader, upon discovering the breach, unlinked the hacker's account. Months later, when he attempted to link his BA account to his *legitimate* Qatar Airways Privilege Club account, he was informed he couldn't for 50 years, until March 25, 2073, effectively a permanent ban for most. This implies a dangerous dilemma: users might be advised *not* to unlink a hacker's account to preserve their future linking capabilities.
Following the article's publication, IAG Loyalty issued a statement clarifying that the 50-year guidance was an internal security check, not a strict rule, and that the customer's accounts “should have been re-linked without question.” They apologised for the error but did not offer an immediate resolution for the affected reader.
(Source: https://www.headforpoints.com/2025/10/31/british-airways-account-hack/)

