British Airways Frequent Flyers Report Stolen Air Miles

By on Apr 01, 2015

Frequent flyers, beware. Tens of thousands of accounts may have been compromised due to an automated attack against British Airways, according to The Guardian. This automated attack appears to have used information found elsewhere on the Internet (other previously leaked login info, for example) to gain access to British Airways accounts.

The incident first came to light when members of the British Airways’ Executive Club reported their reward points stolen, though the full scope of the hack is unknown. The popular airline said no personal information, such as names, addresses or credit card numbers had been compromised or stolen. British Airways said it has frozen affected accounts while the attack is under investigation.

The current theory behind how this attack was pulled off is that a compromised website sharing information with British Airways, such as popular hotel chain, that suffered a security lapse from a basic flaw allowed hackers to gain access to the customer login information. Assuming that customers on one website used the same login information (username and password) across multiple sites, this could, in theory, lead to compromised accounts across dozens of websites. It’s a domino effect, and it’s growing more problematic as more services leverage the Internet to reach customers. This is what’s known as “daisy chaining” in the security industry and is almost completely preventable by using different passwords for different accounts.

So what can you do to protect yourself online? Well, a lot actually. Here are a few tips to keep in mind:

  • Use unique passwords for all your logins. Each service you use should have its own unique, complex password. These passwords should consist of at least eight characters, contain numbers, symbols and use a combination of upper and lower case letters. For safety, you should change these passwords every six months. For a good primer on how to create strong passwords, go to passwordday.org. 
  • Use a password manager. Using a password manager is becoming less a matter of convenience and more a matter of security. Remembering unique passwords for every site is nearly impossible. Password managers can do this for you, and they can help you create long and complicated passwords that are not easily guessable. Additionally, they can protect you from malicious software that records your keystrokes and, by extension, your password.
  • Use comprehensive security. One easy way to help protect yourself from the latest malware variants is to use a comprehensive security solution. McAfee LiveSafe™service is one of those solutions. McAfee LiveSafe helps to steer you away from malicious websites, links and files across all devices.
  • Enable multi-factor authentication. I’ve discussed the benefits of two-factor authentication before, but it bears repeating: Having your online presence verified by both something you know (like a password) and something you have (like a smartphone) is one of the strongest methods of preventing unauthorized access to your account. True Key™ by McAfee allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.

And, of course, stay on top of the latest consumer and mobile security threats by following myself and @McAfee_Home on Twitter and Like us on Facebook.

GaryNasdaq_NCSA_Conference_panel small

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs