British Airways hacked with 380,000 sets of payment details stolen
9 replies, posted
British Airways is investigating the theft of customer data from its website and app and has urged customers affected to contact their banks or credit card providers.
The airline said around 380,000 payment cards had been compromised.
In a statement, it said: "British Airways is investigating, as a matter of urgency, the theft of customer data from its website, ba.com and the airline's mobile app. The stolen data did not include travel or passport details.
"From 22.58 BST August 21 2018 until 21.45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on ba.com and the airline's app were compromised. The breach has been resolved and our website is working normally.
"British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice.
"We have notified the police and relevant authorities."
British Airways customer data stolen from its website | Business..
BA said anyone who believed they might have been affected should contact their bank or credit card provider and follow their recommendations.
This is not the first customer relations problem to affect the airline in recent times.
https://www.bbc.com/news/uk-england-london-45440850
https://twitter.com/British_Airways/status/1037755174700417025
BA insists its ransacked systems have been patched up, and its website is now working normally.
As of the time of this article was filed, Google Chrome continued to report that the airline's Customer Data Theft notification webpage is not fully secure and visitors should not enter sensitive information like passwords or credit cards. The main BA landing page, however, qualified for a security lock icon.
Chrome's web developer tools indicate that, among other issues, the alert page contains a mix of secure and insecure content, the problematic element being a form that targets an insecure endpoint.
Spokespeople for British Airways declined to comment beyond their official statements.
'World's favorite airline' favorite among hackers - The Register
hash and salt everything
hash AND salt EVERYTHING
HASH AND SALT EVERYTHING
HASH AND SALT EVERYTHING
if any actual info gets leaked, british airways should be held responsible directly
there is no fucking reason why passwords and info shouldn't be salted in 2018, this is negligence at this point
Sorry, should've said "encrypt" everything. Don't store payment credentials in plaintext
Whenever I see 'x company hacked' in the news I immediately assume negligence.
Wow, ISIS' technology has really moved on. Next you'll be telling me that they've cracked Enigma.
I was speaking to my dad about this breach earlier and discussing it from a technological stand-point. I was saying to him that credit/debit card details must be encrypted end-to-end, so either BA's security paradigm is massively flawed or the attack managed to grab the data before it was encrypted. The former sounds more plausible.
Yeah, I know, but I was just making a dumb joke about the Islamic State's technology being far behind ours.
I do think that sounds implausible, yeah. Much more likely that BA have shitty security. When I worked for an eCommerce company, some of the security was disgustingly awful.
Sorry, you need to Log In to post a reply to this thread.