Just last week it emerged that a 14-year-old uncovered a bug that allowed snooping on…
The company detected unusual login behavior through its mobile application between Aug. 22 and 24 that might have resulted in unauthorized access to around 20,000 profiles, or approximately 1 percent of the app’s 1.7 million users.
“Starting Aug. 29, 2018, we have sent emails to customers whose accounts may have been improperly accessed,” the company said on its website. “If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile App account may have been improperly accessed, we are confident your account was unaffected during this period. As an additional precaution however, we are contacting all Air Canada mobile App users requiring all users to re-set their passwords.”
In addition to basic information such as name, email address and telephone number, an Air Canada customer’s profile can also include Aeroplan number, passport number, NEXUS number, Known Traveler Number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence.
Credit card information can also be associated with profiles, but the company said this data is encrypted and stored in compliance with payment card industry standards.
Air Canada didn’t reveal how hackers managed to gain access to customer accounts but said that users will have to reset their password “using improved password guidelines to further enhance security measures.” This suggests that it might have been a brute-force password guessing attack or a credential stuffing attack, where hackers try to access accounts using passwords leaked in data breaches from other services.
Security researchers have warned in the past that airline websites are using weak password schemes and that the whole global travel booking system, where flight and passenger information is exchanged between companies, uses highly outdated security.
“The security of Air Canada’s systems is of paramount importance, and Air Canada takes security of its customers’ privacy and data very seriously,” the airline said. “Air Canada approaches security in a multi-layered manner, and we also work with leading cyber security and industry experts to detect irregularities and take action quickly. We continuously improve our practices as technology and security practices evolve.”
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…
News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…
Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…