BRITISH AIRWAYS is still reeling from one of the most spectacular data breaches of the post-GDPR era. Now security boffins think they know what happened.
RiskIQ's Yonathan Klijnsma has established that the hack, which saw 380,000 credit card details swiped, was down to "skimming code" embedded in the website. This is the same approach that was used in the Ticketmaster heist back in June and RiskIQ thinks it could well be the same group of hackers.
The code seems to have come from a third-party site of the type that most sites use for payment processing. This is why the credit card details were compromised whilst flight details stayed safe. The data was scraped by the malware, which forwarded it to a server that seems to be based in Romania.
The report explains: "This particular skimmer is very much attuned to how British Airways' payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer."
"The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection."
It concludes, "[the hackers] went from super advanced to simplifying their attacks and [the results] are more insane than ever."
As events like this become more common, there is an increasing number of ways for customers to prevent fraud. Google Pay uses 'virtual' card numbers, which mean that any card logged in the system will be no use for other transactions. Companies like Curve offer "all in one" cards, which mean you only need to cancel one card, not all of them.
BA is yet to comment as its own investigation continues but has promised to compensate all customers affected by the breach who have lost money. Meanwhile, a lot of people are waiting for new credit cards. μ