Deutsche Lufthansa AG, the largest airline in Europe, has reported that its website was hacked and its customer database compromised, in an attack which saw cyber-criminals steal frequent flyer miles in order to obtain vouchers and redeem awards.
According to German magazine Der Spiegel, which broke the story, Lufthansa confirmed the web intrusion late on Friday with company representatives subsequently telling reporters that the airline “had not been able to prevent illicit access to some customer files”. These files reportedly included data on a number of passengers.
As for the method of attack, it is believed that hackers used a botnet to crack and match passwords for logging into the airline's online portal. Once the correct combination of username and password was achieved, the hackers could make purchases using the miles on the user's frequent flyer account.
Lufthansa says that any miles spent by the hackers has been re-credited to customers, and has changed customer account information.
This news comes just two weeks after a similar attack against British Airways.