I found within about 4 hours that someone had hacked into THEIR system and compromised MY credentials. The hacker changed my associated email tied to my account to his own, redeemed my points for an Apple Gift card and then changed my account email back to my original email.
I logged an incident through their feedback system, since you cannot call anyone to (1) NOT to process the point redemption for the gift card & (2) to warn them of the security breech. I had attached a copy of the evidence that my associated email tied to my account was changed & the automated notification of the gift card redemption.
In response, I received a canned email stating in order to help me I need to verify myself by **uploading a Gov't issue ID to a 3rd party website!** After my account being compromised because of their inadequate security on their systems, I have to upload a picture of PII (Personal Identifiable Information) to a 3rd party site where their "Privacy terms & conditions" state they hold on to your information for 3 years! Anyone see the irony there? My account was compromised and they want me to upload more personal information to a 3rd party website!
I respectfully replied that after being hacked I do not feel comfortable doing that and offered an alternative way to verify who I am. Without notification, they deactivated my account.
I reached out again and received the same exact form email stating before they can help me, I have to go to that 3rd party site to verify who I am. Anyone who has an ounce of common sense can resolve my issue if they would simply READ my ticket. Meanwhile, the hacker is enjoying free money off of my account, courtesy of poor security at MyPoints.
MyPoints "customer service" is wretched. It's a disservice.