British Airways Frequent Flyers Report Stolen Air Miles

By on Apr 01, 2015

Frequent flyers, beware. Tens of thousands of accounts may have been compromised due to an automated attack against British Airways, according to The Guardian. This automated attack appears to have used information found elsewhere on the Internet (other previously leaked login info, for example) to gain access to British Airways accounts.

The incident first came to light when members of the British Airways’ Executive Club reported their reward points stolen, though the full scope of the hack is unknown. The popular airline said no personal information, such as names, addresses or credit card numbers had been compromised or stolen. British Airways said it has frozen affected accounts while the attack is under investigation.

The current theory behind how this attack was pulled off is that a compromised website sharing information with British Airways, such as popular hotel chain, that suffered a security lapse from a basic flaw allowed hackers to gain access to the customer login information. Assuming that customers on one website used the same login information (username and password) across multiple sites, this could, in theory, lead to compromised accounts across dozens of websites. It’s a domino effect, and it’s growing more problematic as more services leverage the Internet to reach customers. This is what’s known as “daisy chaining” in the security industry and is almost completely preventable by using different passwords for different accounts.

So what can you do to protect yourself online? Well, a lot actually. Here are a few tips to keep in mind:

  • Use unique passwords for all your logins. Each service you use should have its own unique, complex password. These passwords should consist of at least eight characters, contain numbers, symbols and use a combination of upper and lower case letters. For safety, you should change these passwords every six months. For a good primer on how to create strong passwords, go to passwordday.org. 
  • Use a password manager. Using a password manager is becoming less a matter of convenience and more a matter of security. Remembering unique passwords for every site is nearly impossible. Password managers can do this for you, and they can help you create long and complicated passwords that are not easily guessable. Additionally, they can protect you from malicious software that records your keystrokes and, by extension, your password.
  • Use comprehensive security. One easy way to help protect yourself from the latest malware variants is to use a comprehensive security solution. McAfee LiveSafe™service is one of those solutions. McAfee LiveSafe helps to steer you away from malicious websites, links and files across all devices.
  • Enable multi-factor authentication. I’ve discussed the benefits of two-factor authentication before, but it bears repeating: Having your online presence verified by both something you know (like a password) and something you have (like a smartphone) is one of the strongest methods of preventing unauthorized access to your account. True Key™ by McAfee allows you to log into sites and apps using multiple factors that are unique to you, like your face and fingerprints and the devices you own.

And, of course, stay on top of the latest consumer and mobile security threats by following myself and @McAfee_Home on Twitter and Like us on Facebook.

GaryNasdaq_NCSA_Conference_panel small

About the Author

McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

Subscribe to McAfee Securing Tomorrow Blogs