British airways: How was it hacked?
By MYBRANDBOOK
British airways has warned customers that about 380,000 passengers card payments on its website and app were compromised. According to BA, the breach relates to bookings made between 10:58 pm on 21st August 2018 and 9:45pm on 5th September.
If you have booked a ticket during the above period of breach, British Airways said it is in the process of contacting all effected customers and advising them to contact their bank or card provider and follow their advice. Accordingly to British Airways the incident has been resolved and all systems are working normally.
Though British Airways has not revealed any technical details about this breach, but security experts do have some suggestions on possible methods used.
Personal information including name, email addresses, credit card details, which include credit card number, expiry date and the three digits CVV code where stolen by the hacker. But how could this be possible?
Since the CVV code was stolen, it can be deduced that the breach could have happened at the point of entry, since CVV codes are not meant to be stored by companies and are only used during verification of a transaction. One of a possible way in which this could have been done is by using a script on the website which managed to intercept all the above data.
Websites have been increasingly embedding code from third party suppliers to run payment authorization, for authentication, chat, placing ad etc, it could be possible that one of these scripts, which had access to the above data could be vulnerable or compromised. It could also be possible that an insider, who had access to the system, may have tampered with the website and placed the malicious code.
As per British Airways C.E.O. Alex Cruz, the airline learned of the breach on Thursday and began communicating with passengers within a matter of hours. Cruz has called the attack "malicious" and "sophisticated," adding that it's the first time the airline's website has been hacked since its launch more than two decades ago. BA repeatedly urges customers to contact their bank or credit card provider and follow their instructions to minimize any potential financial losses and "No British Airways customer will be left out of pocket as a result of this criminal cyberattack on its website,ba.com and the airline's mobile app. The airline has guaranteed that financial losses suffered by customers directly because of the theft of this data from British Airways will be reimbursed, and is recommending that customers contact their bank or card provider if they made a booking or change to their booking between 22:58 BST August 21 2018 and 21:45 BST September 5 2018."
The real reason of compromise will only be known once British Airways reveals the details. Such details could help other enterprises to re-audit their security and improve it.
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
MICROTEK INTERNATIONAL PVT. LTD.
ACER INDIA PVT. LTD.
EXIDE INDUSTRIES LTD.
DRUVA SOFTWARE PVT. LTD.
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
Icons Of India : Dilip Asbe
At present, Dilip Asbe is heading National Payments Corporation of Ind...
Icons Of India : GAUTAM ADANI CHAIRMAN ADANI GROUP
Gautam Adani is the Founder and Chairman of the Adani Group, which ran...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday
Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...
Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip
Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...