Some British Airways frequent flyer profiles have been hacked, according to reports, possibly affecting thousands of the company's Executive Club account holders.
A spokesperson for BA said: "British Airways has become aware of some unauthorised activity in relation to a small number of frequent-flyer Executive Club accounts.
"This appears to have been the result of a third-party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts."
The airline said that no names, addresses or bank details were viewed or stolen by the intruders.
"We would like to reassure customers that, at this stage we are not aware of any access to any subsequent information pages within accounts, including travel histories or payment card details," BA continued.
"We are sorry for the concern and inconvenience this matter has caused and would like to reassure customers that we are taking this incident seriously and have taken a number of steps to lock down accounts so they can no longer be accessed."
Security expert Graham Cluely said the incident highlighted the need for users to ensure they use different passwords for different accounts.
"From the sound of things, the attackers managed to get hold of a database of usernames and passwords and then threw it at the British Airways Executive Club website to see if they would also unlock accounts there," he said in a blog post.
"As I've said many times before, you should never use the same password for multiple websites."
Many BA customers have taken to forums such as Flyer Talk, concerned that their Avios balance has dropped to zero. Those contacting the airline have been told that their account may have been "breached".
User BA038_Passenger said on 27 March after enquiring about the problem: "My account should be replenished with my missing avios within 24-48 hours after answering a couple of security questions and resetting my password. They told me that they suspected my account had been breached somehow.
"Same has just happened to me," user ENTP also said. "I called BAEC, answered a few security questions, and was told my Avios will be reinstated soon." (sic)
Cluely lambasted BA for using a link in its correspondence with users as it tried to reassure users and correct the issue. "If you have any concerns, my recommendation would be to contact BA's customer service team (who are probably quite busy right now) and change your British Airways Executive Club password," he said.
"But, please, don't use the link that the BA email includes in its warning message. They should never have included a clickable link when they invited you to reset your password, as that's a classic trick used by criminals phishing for login credentials."
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
British Airways reveals massive data breach, could face £500m fine under GDPRNews The financial and personal details of 380,000 customers were stolen in the hack
-
EU calls EU Passenger Name Record 'unreasonable'News The plans to track passenger details is also unjustified, even though it's designed to combat terrorism
-
United Airlines will reward hackers with air milesNews Bug bounty programme is first of its kind for US airline industry
-
Aeroplane Wi-Fi vulnerable to hacks, FAA report revealsNews The research by the US Government Accountability Office warned IP networks leave flights open to cyber attacks
-
Public Wi-Fi hotspots in hotels and conference centres pose remote access riskNews The vulnerability allows read and write access to an invidual or network's Linux file system
-
Oyster card ‘free travel’ hack to be releasedNews Research behind a hack of the Oyster card will be released which has serious implications for cards using the same MIFARE chip around the world
-
Government launches £9m internet safety ad campaignNews The plan, meant to raise awareness of the dangers of the internet, will launch this summer.
