Air Canada Mobile App Breach Affects 20,000 People
1.7 million use the app, but only about 1% may have been compromised
Air Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords.
The airline told customers in an email that it "recently detected unusual log‑in behaviour with Air Canada's mobile App between Aug. 22‑24, 2018."
The company estimates about one per cent of the 1.7 million people who use the app may have been compromised.
The app stores basic information such as a user's name, email address and telephone number, all of which could have been improperly accessed.
Any credit card information on file would have been encrypted and as such protected, the company says.
But additional data such as a customer's Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed, if users had them saved in their profile on the app.
As long as app users still have a valid passport and other pieces of supporting documentation, the government says the risk of someone filing for and receiving a new passport in their names is low.
Air Canada said it hasn't detected any improper log-in activity since last Friday, and it is in the process of contacting the 20,000 people directly affected.
In the meantime, the company has locked down all mobile app accounts and is instructing users to reset their passwords.
But many users on social media reported having difficulties doing so, likely due to the volume of people attempting to log on. The company advises anyone looking to get into the app to keep trying.
Chester Wisniewski, principal research scientist at cybersecurity firm Sophos says any stolen information isn't likely to be overly problematic, but it does raise more concerning questions about practices behind the scenes.
"You never want someone to know your name, your birthday and your passport," he said.
He says he thinks its unlikely that the company was targeted by hackers, but rather was simply caught off-guard by an enterprising cybercriminal.
"I suspect hackers stumbled across a bug in the API," he says, referring to the acronym for the application programming interface which is how the app communicates with Air Canada's servers on the back end.
"I don't think they were targeting Air Canada or they were intent on stealing specific info, there's a lot of hackers who are just scrolling the internet looking for doors that are ajar," he said.
"If they find a door that's open they start monkeying around."
He's concerned that the company has advised all customers — even those who's information wasn't accessed — to change their passwords.
Because it's limited to only eight characters, "their password policy was rather antiquated which suggests they weren't doing it right to begin with," he said. "If you stored them correctly you wouldn't do that."
Source: cbc
Latest Jobs
-
- Senior Service Desk Analyst
- Wiltshire
- Up to £32,000 Base + £6,400 Shift Allowance
-
We are currently working on behalf of an IT Service Provider based in Wiltshire who are on the lookout for a Senior Service Desk Analyst. The Senior Service Desk Analyst will be responsible for logging, managing and escalating internal & external incidents and requests. This is an excellent opportunity to join a business recognised for what they do and work with a number of top UK businesses. You’ll be able to manage your career development and gain additional training e.g. certifications etc. This role will include a shift (4 days on then 4 days off) which covers 24/7 12 hour shifts The ideal candidate will be currently working in a IT service desk / IT support role ideally in an IT Services business. Reference Number: PG7476 (Service Desk Administrator, Analyst, Support, Service Desk Support, shift work, traning, Information Technology, Customer service, Customer support)
-
- Data Centre Service Delivery Manager
- Hertfordshire
- Up to £50,000 + Package
-
A Data Centre Service Delivery Manager is needed to join a specialist connectivity provider in Hertfordshire. The company is going through a huge growth programme and this is an excellent opening for someone to join a business who are working with globally recognised organisations. You’ll be responsible for: Supporting the Commercial Director with management of existing and potential customers being the main point of contact. Maintaining and improving the company’s current and new services Customer relationship management Attending customer meetings in order to provide guidance to customers Keeping up a high quality level of service Updating appropriate documentation such as policy and procedures and making sure these are in place and followed Change and Incident management Service Level Agreements Experience required Must have current experience working in a Data centre environment in a Service Delivery role. An understanding of Data Centre technology and terminology. Experience of dealing with people of all levels within a business (Engineers to Board level) In return you'll have the ability to work in a cutting edge environment and work with a variety of well known international clients REF: PG7475
-
- Project Manager (Cisco, Microsoft)
- Surrey
- £450 Per Day
-
Project Manager (Cisco, Microsoft) A Project Manager with current experience on multiple Cisco (Networking, Security, UC etc.) & Microsoft (Server, Cloud etc.) projects is needed an initial 3 month contract in Surrey. Our client need someone who is Immediately Available as this is an Urgent Requirement. £450 per day Reference Number: CH7470 (Cisco Project Manager, Microsoft Project Management, Project Management)
-
- Data Centre Account Director
- London
- Up to £80.000 base with uncapped commission
-
Our client is looking for a Data Centre Account Director, the goal of this position is to be a trusted partner / primary point of contact and to achieve sales and margin expectations. You will also be growing new business and long-term growth across data centre services, Building good customer relationship at all levels for revenue growth and customer retention Working with presales specialists to propose relevant and cost effective data centre solutions for customers Understanding and identifying customers’ needs Leading bids, RFPs and proposals submissions Driving new business 60% of your time to new hyperscalers or enteprise customers. The ideal candidate should possess 5 years’ experience in selling Data Centre services. Self-driven, energetic, resourceful, creative and good account management skills and new business skills Ability to build good customer relationship at all levels, Be able to work independently. Reference Number: BD7467 (Data Centre, Data Center, Data Centre Sales, Data Center Sales)