British Airways, one of the U.K.’s biggest airlines, suspended users’ frequent flier accounts this weekend after an apparent breach recently hit the company.
It’s unclear exactly how many fliers were implicated by what British Airways is calling “unauthorized activity” on its Executive Club accounts, but a report in The Guardian on Sunday suggests that tens of thousands of customers may have been targeted.
When reached Monday, a spokesperson from the airline insisted that only a small portion of its customers were affected and that, as far as it knows, the attackers did not have access to sensitive information like users’ travel histories and banking information.
In a letter circulated to Executive Club members over the weekend, the airline pointed out that it was suspending usage of Avios, the club’s specialized currency. For at least a few more days, those looking to use their Avios and book travel have been informed they have to do so via an Executive Club service center.
According to the airline, the attack was the “result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts.”
Based on the description, it sounds as if frequent fliers who used the same passwords for multiple accounts were targeted in particular. Affected users will be required to reset their passwords before logging into their accounts and are being encouraged to exercise vigilance when it comes to monitoring their personal data going forward.
“We are sorry for the concern and inconvenience this matter has caused and would like to reassure customers that we are taking this incident seriously,” an airline spokesperson said via email.
A slew of usernames and passwords belonging to Uber passengers surfaced online this weekend, and much like the British Airways hack, the running theory behind the leak is that attackers were able to exploit the victims by leveraging credentials stolen in a previous, unrelated breach.