Air Canada Mobile App Breach Affects 20,000 People
1.7 million use the app, but only about 1% may have been compromised
Air Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords.
The airline told customers in an email that it "recently detected unusual log‑in behaviour with Air Canada's mobile App between Aug. 22‑24, 2018."
The company estimates about one per cent of the 1.7 million people who use the app may have been compromised.
The app stores basic information such as a user's name, email address and telephone number, all of which could have been improperly accessed.
Any credit card information on file would have been encrypted and as such protected, the company says.
But additional data such as a customer's Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed, if users had them saved in their profile on the app.
As long as app users still have a valid passport and other pieces of supporting documentation, the government says the risk of someone filing for and receiving a new passport in their names is low.
Air Canada said it hasn't detected any improper log-in activity since last Friday, and it is in the process of contacting the 20,000 people directly affected.
In the meantime, the company has locked down all mobile app accounts and is instructing users to reset their passwords.
But many users on social media reported having difficulties doing so, likely due to the volume of people attempting to log on. The company advises anyone looking to get into the app to keep trying.
Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, says any stolen information isn't likely to be overly problematic, but it does raise more concerning questions about practices behind the scenes.
"You never want someone to know your name, your birthday and your passport," he said.
He says he thinks it's unlikely that the company was targeted by hackers, but rather was simply caught off-guard by an enterprising cybercriminal.
"I suspect hackers stumbled across a bug in the API," he says, referring to the acronym for the application programming interface which is how the app communicates with Air Canada's servers on the back end.
"I don't think they were targeting Air Canada or they were intent on stealing specific info, there's a lot of hackers who are just scrolling the internet looking for doors that are ajar," he said.
"If they find a door that's open they start monkeying around."
He's concerned that the company has advised all customers — even those whose information wasn't accessed — to change their passwords.
Because it's limited to only eight characters, "their password policy was rather antiquated which suggests they weren't doing it right to begin with," he said. "If you stored them correctly you wouldn't do that."