British Airways e-ticketing leaves passengers' sensitive data at risk
Less than a year on from a breach which exposed the details of hundreds of thousands of customers, British Airways systems are still leaving passengers' personal information at risk.
New research from mobile security provider Wandera has discovered an e-ticketing system vulnerability that leaves passengers' personally identifiable information (PII) exposed.
British Airways distributes check-in links by email, and these links are unencrypted. Hackers intercepting link requests, on a public Wi-Fi network for example, are able to access passengers' booking references and surnames. Using these details, hackers are then able to steal even more information or even manipulate the booking via the passengers' online itineraries.
Once an attacker has access to a customer's account, they can access the email address, telephone number, names and BA membership number, as well as details of the flight such as the booking reference, itinerary, flight number and times, seat number and baggage allowance.
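An added example, not from Wandera or British Airways: a defender-side check that scans an email body for links of the kind described above, which would send a booking reference and surname over cleartext HTTP. The parameter names, host and sample email are assumptions constructed for illustration, since the article does not publish the real link format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Hypothetical parameter names; the article does not publish the real ones.
SENSITIVE_KEYS = {"bookingref", "pnr", "lastname", "surname"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def redact(url):
    """Return the URL with sensitive parameter values masked, so the
    audit report does not itself repeat the passenger's details."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def audit_links(body):
    """Find links that carry passenger identifiers over cleartext HTTP."""
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        exposed = sorted(keys & SENSITIVE_KEYS)
        # HTTPS links and links without identifiers are not reported here.
        if parts.scheme.lower() == "http" and exposed:
            findings.append({"url": redact(url), "exposed": exposed})
    return findings


# Constructed sample email body; host and values are made up.
SAMPLE_EMAIL = """\
Check in now: http://checkin.airline.example/start?bookingRef=ABC123&lastName=Smith&lang=en
Manage booking: https://www.airline.example/manage?bookingRef=ABC123&lastName=Smith
Baggage rules: http://www.airline.example/baggage?lang=en
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding)
```

Only the first link in the sample is reported: the second uses HTTPS and the third carries no passenger identifiers.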
Wandera discovered the flaw in July and notified British Airways of the vulnerability. More details can be found on the Wandera blog.