BA Under Fire For Leaking Passenger Info in Links

British Airways has come under fire from the security community again, this time after a vulnerability in its e-ticketing system was found to be exposing passengers' personally identifiable information (PII).

Security firm Wandera claimed in a blog post yesterday that the airline was sending out unencrypted check-in links to customers which contained booking reference and surname in the URL itself.
“Therefore, someone snooping on the same public Wi-Fi network can easily intercept the link request, which includes the booking reference and surname, and use these details to gain access to the passenger’s online itinerary in order to steal even more information or manipulate the booking information,” the firm explained.

With access to a customer’s account, hackers could then access further identity info including full name, itinerary, email address, phone number and much more – all valuable for use in potential follow-on phishing attacks and identity fraud.
Back in February, Wandera found the same vulnerability in check-in links sent by Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.
The firm recommended airlines use one-time tokens for direct links within emails and require explicit user authentication for all steps where PII is accessible and editable.
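As an added illustration (not code from Wandera, BA or any airline), the following Python contrasts a check-in link that carries the booking reference and surname in the query string with the one-time-token design recommended above; the in-memory token store, the example.invalid domain and the parameter names are constructed for the example.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed in-memory store: token -> booking record. A real system keeps this
# server-side (database or cache); nothing about the passenger is in the URL.
_TOKENS = {}
TOKEN_TTL_SECONDS = 24 * 3600

def insecure_checkin_link(booking_ref, surname):
    """The pattern the article describes: booking reference and surname travel in the URL."""
    return "https://example.invalid/checkin?" + urlencode(
        {"bookingRef": booking_ref, "surname": surname})

def issue_checkin_link(booking_ref, now=None):
    """Hardened variant: the link carries only an opaque, single-use token."""
    token = secrets.token_urlsafe(32)  # 256 random bits, not guessable or derivable from PII
    _TOKENS[token] = {"booking_ref": booking_ref,
                      "issued": time.time() if now is None else now,
                      "used": False}
    return "https://example.invalid/checkin?" + urlencode({"t": token})

def token_from_link(link):
    return parse_qs(urlparse(link).query)["t"][0]

def redeem_token(token, now=None):
    """Return the booking reference for a fresh, unexpired token, else None.
    The token is burned on first use, so a link captured on public Wi-Fi cannot
    be replayed; the caller should still require login before PII is editable."""
    now = time.time() if now is None else now
    entry = _TOKENS.get(token)
    if entry is None or entry["used"] or now - entry["issued"] > TOKEN_TTL_SECONDS:
        return None
    entry["used"] = True
    return entry["booking_ref"]

def url_leaks_pii(url):
    """Review check for outbound links: flag query parameters that carry a
    booking reference or surname, the fields Wandera saw in the clear."""
    params = {k.lower() for k in parse_qs(urlparse(url).query)}
    sensitive = {"bookingref", "booking_reference", "pnr", "surname", "lastname", "last_name"}
    return bool(params & sensitive)
```

The `url_leaks_pii` check is the kind of test that can run against every templated email link before it is sent.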
The news comes as BA is still reeling from a proposed £183m GDPR fine following security failings that allowed Magecart attackers to harvest customer details from its website.
Cesar Cerrudo, CTO at pen testers IOActive, argued that the focus ..