British Airways leak exposes outdated password systems

The details of frequent flier Executive Club accounts have been leaked after the British Airways network was breached, it was reported yesterday. 

The breach is thought to be the result of a third party exploiting information gained through the internet to access accounts via an automated process. British Airways advises users to reset their passwords as a precautionary measure, though the airline maintains that it is unlikely customers' sensitive information has been affected.

This breach underscores the importance of strong passwords and login precautions. “Cyber-criminals are becoming increasingly determined to access user credentials, with advanced automated tools that are designed to seek and steal usernames and passwords with minimal effort,” Ross Brewer, vice president and managing director for international markets at LogRhythm, commented on the incident in an email to SCMagazineUK.com. “No matter how watertight a business believes its IT security position to be, there will always be a weak point just waiting to be exploited by cyber-criminals and these are often linked to password security.”

“Organisations must,” Brewer continued, “without exception, be continually monitoring their systems for any anomalous activity that could indicate a breach – particularly those with a strong emphasis on customer service, like British Airways.”

“Reusing stolen logins from one service to another is one of the oldest password-related scams out there,” Brian Spector, CEO of Certivox, commented to SCMagazineUK.com. “But unfortunately something that will continue to happen whilst companies insist on using this outdated authentication method.”

He also noted that though “British Airways has communicated proactively with its users and is working to determine the scale of the problem, the reputational damage has already been done.”