Air Canada Resets Customer Passwords After Hackers Access Data

Air Canada is forcing all users of its Mobile+ app to change their passwords after hackers managed to access the profile information, including names, email addresses, birth dates and passport details of some customers.

The company detected unusual login behavior through its mobile application between Aug. 22 and 24 that might have resulted in unauthorized access to around 20,000 profiles, or approximately 1 percent of the app’s 1.7 million users.

“Starting Aug. 29, 2018, we have sent emails to customers whose accounts may have been improperly accessed,” the company said on its website. “If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile App account may have been improperly accessed, we are confident your account was unaffected during this period. As an additional precaution however, we are contacting all Air Canada mobile App users requiring all users to re-set their passwords.”

In addition to basic information such as name, email address and telephone number, an Air Canada customer’s profile can also include Aeroplan number, passport number, NEXUS number, Known Traveler Number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence.

Credit card information can also be associated with profiles, but the company said this data is encrypted and stored in compliance with payment card industry standards.

Air Canada didn’t reveal how hackers managed to gain access to customer accounts but said that users will have to reset their password “using improved password guidelines to further enhance security measures.” This suggests that it might have been a brute-force password guessing attack or a credential stuffing attack, where hackers try to access accounts using passwords leaked in data breaches from other services.

Security researchers have warned in the past that airline websites are using weak password schemes and that the whole global travel booking system, where flight and passenger information is exchanged between companies, uses highly outdated security.

“The security of Air Canada’s systems is of paramount importance, and Air Canada takes security of its customers’ privacy and data very seriously,” the airline said. “Air Canada approaches security in a multi-layered manner, and we also work with leading cyber security and industry experts to detect irregularities and take action quickly. We continuously improve our practices as technology and security practices evolve.”

Loki Bot Targets Businesses with ISO Email Attachments

Security researchers warn of a new email spam campaign that targets corporate mailboxes and distributes the Loki Bot information-stealing malware.

According to researchers from antivirus firm Kaspersky Lab, the campaign started in July and is ongoing. The attackers appear to have scraped business email addresses from online sources, including companies’ websites.

Loki Bot is not a new threat and spam campaigns distributing this Trojan program have targeted users for years. The malware is designed to steal passwords stored in browsers, messaging applications, email and FTP clients. Recent versions also target cryptocurrency wallets.

This new spam campaign is unusual because the malicious email attachments that contain the malware have the .iso extension. ISO is a file format for storing copies of optical discs, so it’s rarely used by attackers.

“Whereas in days of yore users needed dedicated software to open this type of image, today’s operating systems support the format out of the box, and if you want to access the contents of the file, all you need to do is double-click,” the Kaspersky researchers said in a blog post.

The rogue emails are made to appear as if they originate from known companies and masquerade as invoices, transfers, payments and other financial documents. This is a common technique for spammers because corporate employees are used to receiving such files from suppliers, banks and other business partners, so are more likely to open them.
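For mail gateway or triage use, the following is an added example (not code from the article or from Kaspersky Lab) that flags ISO attachments in a raw email. It goes beyond the `.iso` extension the article mentions by also checking for the ISO 9660 `CD001` signature, so a renamed disc image is still caught. The function names, addresses and sample payloads are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

ISO_MAGIC = b"CD001"                           # ISO 9660 standard identifier
DESCRIPTOR_OFFSETS = (0x8001, 0x8801, 0x9001)  # sectors 16-18, 2048-byte sectors

def looks_like_iso(data: bytes) -> bool:
    """True if an ISO 9660 volume descriptor signature is present."""
    return any(data[o:o + 5] == ISO_MAGIC for o in DESCRIPTOR_OFFSETS)

def find_iso_attachments(raw: bytes) -> list:
    """Return one finding per MIME part that is an ISO by name or by content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_ext, by_magic = name.lower().endswith(".iso"), looks_like_iso(data)
        if by_ext or by_magic:
            findings.append({"filename": name, "extension": by_ext, "magic": by_magic})
    return findings

def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message: a fake invoice mail with one attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@supplier.example"
    msg["To"] = "accounts@corp.example"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed payloads: a buffer carrying only the ISO signature, and plain bytes.
FAKE_ISO = bytes(0x8000) + b"\x01CD001\x01" + bytes(2041)
NOT_ISO = b"%PDF-1.4 constructed sample"

if __name__ == "__main__":
    for fname, blob in (("invoice.iso", FAKE_ISO), ("invoice.pdf", FAKE_ISO),
                        ("invoice.pdf", NOT_ISO)):
        print(fname, find_iso_attachments(build_sample(fname, blob)))
```

A finding with `extension` false and `magic` true indicates a disc image sent under a different file name, which is worth a higher triage priority than a plain `.iso` match.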

Lucian Constantin

Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
