British Airways check-in vulnerability exposes passenger information
British Airways has put passenger personal information at risk after it was found to be emailing unencrypted links to customers in part of its online check-in e-ticketing process.
Researchers at security firm Wandera said such check-in links could be easily intercepted by attackers, say those lurking on a public Wi-Fi network, and allow malicious actors to view and change the flight booking details and personal information of passengers.
“In an effort to streamline the user experience, passenger details are included in the URL parameters that direct the passenger from the email to the British Airways website where they have logged in automatically so they can view their itinerary and check-in for their flight,” explained Wandera. “The passenger details included in the URL parameters are the booking reference and surname, both of which are exposed because the link is unencrypted.”
Other information that could be exposed by the flaw includes email address, phone number, membership number, first and last name, booking reference, itinerary, flight number, flight times, seat number and baggage allowance.
Wandera’s threat research team discovered the flaw last month after someone accessed BA’s e-ticketing system from its network. The firm has previously discovered similar vulnerabilities affecting airlines such as Southwest, KLM, Air France, Jetstar, Thomas Cook, Vueling, Air Europa and Transavia.
It recommends that airlines adopt encryption throughout their check-in process, require user authentication for steps where personal information could be accessed, utilise one-time time tokens for email links and ensure users have mobile security deployed.
Israel Barak, the chief information security officer at Cybereason, said: "The British Airways vulnerability again sheds light on the difficulty airlines, and all corporations for that matter, are having protecting the backbone of their organisations - customer data.
“This isn't the first vulnerability either, as many as 10 airlines were reportedly investigating a similar vulnerability earlier this year. Kudos to British Airlines for acknowledging the incident and for them working quickly to solve any outstanding issues.
“For the consumer flying with British Airways, or with other carriers, they should be working under the assumption that their personal information has been compromised many times over. “
The news comes after nearly 300 flights were delayed or cancelled at London's Heathrow, Gatwick and City airports when BA faced a major IT outage. And in July, it was fined a record £183 million for GDPR violations.
source itpro
Industry: Cyber Security
Latest Jobs
-
- Sales Engineer (Telecoms, MPLS, Cloud Services)
- London
- Upto £85,000 + 20% bonus + benefits
-
Sales Engineer / Presales Consultant is needed for this Global Tier 1 carrier. The Sales Engineer / Presales Consultant will be responsible for Working with Enterprise customers helping to design Cloud solutions Working alongside sales providing presales technical consultancy around my client's cloud services. Providing support for new business opportunities in terms of responding to RFIs & RFPs, understanding customer network requirements, high-level network architecture & design (including supplier selection on a global basis) and technical handover to network implementation teams. This is a great opportunity to join a global player who are growing their Cloud services. The Sales Engineer / Presales Consultant should have a successful track record in the telecommunications arena ideally from a global tier 1 ISP or network provider, with a demonstrable track record in designing complex enterprise solutions. The Sales Engineer / Presales Consultant needs to be technically astute and has had experience in the design, presentation, and implementation of Wide Area Networks (WAN). They need to understand a range of Layer 1, 2, and 3 technologies (Ethernet, SDH, MPLS, IP, etc) and build a solution based on the best technology to meet a customer’s requirements. In addition, they should have an understanding and experience in Infrastructure solution design for optimising end-user experience when interacting with enterprise platforms notably MS O365, SFDC, Azure and AWS · Unified threat Management security solutions (i.e. firewall, IPS/IDS, web filtering and proxy) · Network routing and switching protocols and technologies (esp. Cisco) · SD-WAN and SDN technologies Skilled · Experience in designing and deploying hybrid cloud architectures and managing migrations from physical to virtual environments If you have any questions about this role, give us a call on 0044208 663 4030 or contact/send your CV to robert.anderton@dclsearch.com Ref RA7292 (Telecommunications Jobs, Telecoms Jobs, Cloud Computing Jobs, Cloud Jobs, Presales Jobs, Sales Engineer Jobs, Sales Engineering Jobs)
-
- IT Recruitment Consultant
- Beckenham
- £40,000 - £100,000 Dependent on Experience
-
IT Recruitment Consultant (IT Recruitment, IT Recruitment Consultant, Sales Consultant, Business Development, Business Development Manager, Recruitment Consultant, Sales Consultant, B2B Sales, Business to Business Sales, Business-To-Business Sales, Executive Search Consultant, IT Executive Search Consultant, IT Headhunter, Recruitment Headhunter) DCL Search & Selection are a well-established niche IT Recruitment company who benefit from 25+ years of exceptional market knowledge across sectors such as; Cyber, Cloud, Data Centre, UC & FinTech sectors. As an Experienced IT Recruitment Consultant you should have a proven track record of achieving and exceeding your sales targets. You should want to progress your sales career within an IT Recruitment capacity and want to learn your industry inside and out whilst striving to be a driven, ambitious high achieving 360 recruiter. What we will offer you: We are always rewarding individual achievements One of the best commissions in the industry paying up to 30% commission with no threshold and accelerators plus we offer monthly dinner clubs where you can join the big billers to prestigious venues such as – The Worsley, Scotts, ROKA, SUMOSAN, ZUMA, UMA SUSHISAMBA, Gaucho, OBLIXs, and other top restaurants. CRM database training on our industry-leading system that has an exceptional amount of both Clients and Candidates. Endless training both in-house and external from some of the best recruitment trainers in the industry to help enhance your current sales skills as well as develop essential recruitment ones Endless amount of support; Our Resourcer’s can help find the best candidates for your vacancies. Minimal Admin work; our admin team can help reduce your time with paperwork, searches etc. You will get the opportunity to engage and work alongside international and national business. Rapid promotion for achievers Responsibilities: To win new business/ develop existing relationships. To build long term working relationships with Clients Consultative approach to calling passive Candidates in order to profile them in detail, against set criteria of skills and experience given to you by your Client Achieve and exceed sales targets Self-manage your daily tasks in order to make sure that the following day will be as successful as possible Have a structured approach with a solution selling ability as the sales cycles are not as quick. What you should be able to offer us: Previous B2B / Business to Business Sales Experience Excellent telephone manner and English Communication skills Professional, fast-paced, driven and ambitious individual Mature and honest personality with a passion to succeed Commitment to your work/ going above and beyond to ensure the best outcome for yourself, company and the candidates/clients you will be working with on a daily basis A natural approach to networking with people at all levels Knowledgeable/capable of working and interacting with social media. Company Culture: At DCL whilst we operate in a mature working environment we have a young, vibrant, bubbly feel to most of our working day's and anyone joining the company will feel part of the team in no time. We regularly organise work events (Go Karting, Thorpe park, etc) as well as a number of work nights out in the local Bar's/Club's, as we feel it is important to mingle with your work colleagues both inside and outside of the office. (Recruitment, Resourcing, Business Development, IT, Sales, Sales Executive)
-
- Enterprise Sales Director (Telecommunications)
- London
- £250,000 Package
-
DCL are currently working on behalf of an international telecommunication business that is on the lookout for an Enterprise Sales Director in London. The Enterprise Sales Director will be responsible for leading a team and protecting and growing large enterprise accounts while also bidding and winning new business directly in the FTSE 100 / 250 market. The Enterprise Sales Director will also take ownership of building the sales team. Preference will be given to candidates who possess: Exceptional knowledge within the Telecommunications (Data Communications) Industry. Current Experience selling solutions such as WAN, SDWAN, Cloud & Cyber Security. Current work experience in other major telecom operators. Current experience managing a successful sales team within a telecoms environment Track record with winning FTSE 100 / 250 accounts and hitting or overachieving against a target Sales Director Jobs, Telecoms Jobs, Telecommunications Jobs Reference Number: BD7513
-
- IT Cyber Security Recruitment Consultant – Hot Desk
- Beckenham
- Dependent on Experience
-
We are looking for an IT Cyber Security Recruitment Consultant – Hot Desk who has cybersecurity recruitment experience, with a track record of success. Most of the roles you will be required to recruit for will be within the salary region of £50k - £300k, experience placing candidates at this level is desirable. Responsibilities: To provide a consistent, high-quality level of service to new and current clients in order to build a long term working relationships with clients. Detailed, consultative approach to calling passive candidates in order to profile them in detail, against set criteria of skills and experience given to you by your client Achieve and exceed sales targets. Self-manage your daily tasks in order to make sure that the following day will be as successful as possible Have a structured approach with a solution selling ability as the sales cycles are not as quick.