Frequent flier miles are the kind of perk that should make customers more loyal to a company, but reports that cybercriminals have hacked into the accounts of British Airways customers may have some passengers wishing they’d stayed at home.
According to a carefully worded advisory published by the airline, the Avios frequent flier accounts were accessed by a “third party using information obtained elsewhere on the Internet,” but British Airways insisted transaction histories and financial payment details were not compromised. Meanwhile, on the FlyerTalk message forum, posters reported their frequent flier account balances registering zero, and others claimed they were locked out of their accounts entirely.
Frequent flier miles make a prime target for cybercriminals, given their popularity and their connection to detailed profile information. The Independent reported that tens of thousands of British Airways customers have been affected by the security breach. While it may not lead to widespread identity theft, it could still pose challenges for the airline to restore the accurate balances on the affected accounts.
While British Airways has already apologized for the inconvenience and promised to restore service in a few days, according to The Guardian, it’s worth noting that the incident was also aimed at members of its executive club accounts. That means some of British Airways’ most important customers may be unable to use their frequent flier miles until the situation is completely resolved.
The most obvious initial takeaway from the incident, IT PRO noted, is that users of frequent flier programs should ensure they don’t use the same login credentials to access numerous online accounts. Hopefully, even those British Airways customers who weren’t among those affected by this particular breach are already taking that precaution.
Unfortunately, British Airways is by no means the only corporate victim of this sort of crime. As reported by Krebs on Security, researchers recently discovered a security flaw in a similar customer loyalty program for Hilton Hotels. BBC News noted that other incidents have recently taken place involving user accounts on GitHub, a popular repository for open-source software development projects, and Slack, a software-as-a-service offering for unified communications. Even on-demand ride service Uber is rumored to have been hit by a recent breach, though the company has so far denied it.
In British Airways’ case, however, the company may not have helped matters by sending an email with a link asking customers to reset their passwords, Inquisitr said. The last thing anyone needs is to wonder whether such emails are part of a phishing scheme. At the moment, the recent spate of bona fide data breach attempts are enough to confuse anyone.