New Account Fraud and Bonvoy Account Takeover Targeting Marriott Customers
Criminals create new Marriott Bonvoy accounts using stolen identity data or take over existing accounts to drain points, book stays fraudulently, or apply for the Marriott Bonvoy credit card in the victim's name.
Last reviewed: 8 June 2026
Marriott Bonvoy accounts accumulate points through stays, dining, and affiliated credit card spending that can be worth hundreds or thousands of dollars in free nights at premium properties. This stored value, combined with the credit card linked to many Bonvoy accounts, makes the programme a target for both account takeover and new-account fraud.
Marriott itself suffered a major data breach affecting hundreds of millions of records, which means that for many customers, their personal data — including Bonvoy account numbers, addresses, and passport details — may already be in circulation. This lowers the barrier for both personalised phishing and identity-based new-account fraud.
New-account fraud using stolen Marriott or public identity data allows criminals to apply for the Marriott Bonvoy American Express or Chase card in a victim's name, direct the card to a mule address, and potentially use it for significant spending before the victim is aware.
How this scam works on the Marriott brand
In account takeover, the attacker credential-stuffs or phishes a Bonvoy login. They immediately change the account email, redeem available points for free nights or transfer them to airline miles, and may apply for a Marriott credit card upgrade within the authenticated session.
In new-account fraud, the criminal uses stolen identity data to create a fresh Bonvoy account with an email address they control, then applies for the Bonvoy credit card using the victim's real name, address, and SSN. The card arrives at a mule address and is used for large purchases before the victim discovers the hard inquiry on their credit report.
Some attackers combine a prior Bonvoy credential capture with a targeted credit card application, leveraging the verified identity associated with the account.
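For teams that defend loyalty accounts, the takeover sequence described above (login, immediate email change, then redemption, transfer or card application) can be written as a correlation rule. The following Python sketch is an added example, not code from Marriott or from this page's author; the event types, field names, device identifiers and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events. The schema is an assumption, not a real
# Marriott or loyalty-platform log format.
EVENTS = [
    {"ts": "2026-06-01T09:00:00", "account": "A1", "type": "login", "device": "dev-known"},
    {"ts": "2026-06-01T09:05:00", "account": "A1", "type": "points_redeem", "device": "dev-known"},
    {"ts": "2026-06-02T03:10:00", "account": "B2", "type": "login", "device": "dev-new"},
    {"ts": "2026-06-02T03:12:00", "account": "B2", "type": "email_change", "device": "dev-new"},
    {"ts": "2026-06-02T03:20:00", "account": "B2", "type": "points_transfer", "device": "dev-new"},
    {"ts": "2026-06-03T10:00:00", "account": "C3", "type": "login", "device": "dev-new"},
    {"ts": "2026-06-03T10:02:00", "account": "C3", "type": "email_change", "device": "dev-new"},
    {"ts": "2026-06-05T10:00:00", "account": "C3", "type": "points_redeem", "device": "dev-new"},
]
# Devices previously seen per account (constructed).
KNOWN_DEVICES = {"A1": {"dev-known"}, "B2": {"dev-b2-phone"}, "C3": {"dev-c3-laptop"}}
# Actions that move stored value out of the account.
VALUE_EVENTS = {"points_redeem", "points_transfer", "card_application"}


def detect_takeover_sequences(events, known_devices, window=timedelta(hours=1)):
    """Alert on: unfamiliar-device login -> email change -> value event,
    all on the same device and within `window` of that login."""
    alerts = []
    sessions = {}  # (account, device) -> {"login": datetime, "email_changed": bool}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["account"], ev["device"])
        if ev["type"] == "login":
            # Only track logins from devices the account has not used before.
            if ev["device"] not in known_devices.get(ev["account"], set()):
                sessions[key] = {"login": ts, "email_changed": False}
            continue
        session = sessions.get(key)
        if session is None or ts - session["login"] > window:
            continue  # known device, or too long after the login to correlate
        if ev["type"] == "email_change":
            session["email_changed"] = True
        elif ev["type"] in VALUE_EVENTS and session["email_changed"]:
            alerts.append({"account": ev["account"], "device": ev["device"],
                           "trigger": ev["type"], "at": ev["ts"]})
            del sessions[key]  # one alert per suspicious session
    return alerts


if __name__ == "__main__":
    for alert in detect_takeover_sequences(EVENTS, KNOWN_DEVICES):
        print(alert)
```

With the default one-hour window only account B2 alerts; C3's redemption two days after the email change is missed, which shows why a short window should be paired with a hold or re-verification on value actions after any contact-detail change.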
Common red flags
- You receive a Marriott Bonvoy welcome email or account creation confirmation you did not initiate
- Your Bonvoy points balance has dropped without any redemptions you made
- A hard credit inquiry from American Express or Chase for a Marriott Bonvoy card appears on your credit report unexpectedly
- A Marriott Bonvoy credit card arrives at your address that you never applied for
- Your Bonvoy account email address or PIN has changed without your action
- A Bonvoy login alert arrives from an unfamiliar device or country
How to protect yourself
- Enable two-step verification on your Bonvoy account under Account Profile and Security
- Use a unique, strong password for your Bonvoy account
- Place a credit freeze with all three bureaus to prevent fraudulent card applications in your name
- Monitor your Bonvoy account balance and redemption history at marriott.com regularly
- Review your credit report at annualcreditreport.com for unexpected card applications or hard inquiries
- Contact Marriott Bonvoy at 1-800-627-7468 immediately if you notice unrecognised account activity
How to report it
- Contact Marriott Bonvoy customer service at 1-800-627-7468 to report account fraud
- Report identity theft and new-account fraud to the FTC at identitytheft.gov
- If a Bonvoy credit card was fraudulently opened, dispute it with the card issuer and report to the FTC
- File a report with the FBI at ic3.gov if financial loss resulted
Frequently asked questions
How does Marriott's past data breach affect risk today?
The breach exposed personal and passport data for hundreds of millions of guests. This information may still be in circulation and can be used to impersonate you in new-account fraud or to personalise phishing attacks. Enable two-step verification and monitor your credit report.
Can fraudulently redeemed Bonvoy points be restored?
Marriott Bonvoy investigates fraud reports and may reinstate points if the takeover is confirmed and reported promptly. Contact customer service as soon as you notice any unexplained redemptions.
What is the most important action to prevent Bonvoy account takeover?
Enable two-step verification and use a unique password for Bonvoy. A unique password means credentials leaked from other sites cannot be replayed against your Bonvoy login through credential stuffing, and two-step verification means even a captured password alone cannot unlock your account.