Recently British Airways came into limelight for breach of data reported by its customers. The airline too acknowledged the fact that personal and financial details of customers making or changing bookings had been compromised on a large scale.
Reports suggested that 380,000 transactions were affected, excluding data relating to travel or passport details.
Alex Cruz, head of British Airways, “We’re extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app.”
In recent findings, a cyber-security firm also stated that it had found a malicious code injected into the British Airways website, which may have been a potential reason that led to the breach of data.
A RiskIQ researcher identified a code from British Airways website around the time duration when the breach began. The researched claimed to have identifying evidence of “skimming” script particularly designed to steal financial data from portals.
The researchers also claimed that the malicious code found on British Airways website resembled a group dubbed Magecart, affected the Ticketmaster website recently. Though similar, the code found of British Airways website seemed to have been modified to suit the way the airline’s site.
As per the statement of the researcher, “This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,”
“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”
RiskIQ, further stated that attacks like these are becoming extremely common on third-party portals. The malicious script in this attack consisted of just 22 lines of code which extracted data from BA’s online payment form and then sending it to the hacker’s server as soon as the customer clicked on submission.
Apart from extracting data from the website, the attackers were also able to gather data from the mobile app users as the same code was also found loaded into the app on a page describing government taxes and carrier charges.
Few other findings by cyber security firm like Secure Socket Layer (SSL) certificate, targeting of specific brands, strategy of aiming at third party pay portals makes it evident that the hackers had gone an extra mile to tailor a perfect cyber crime code.
The findings of the attack on a renowned company like British Airways clearly suggests that online portals on such data dealing companies now need to take a stock of evolved cyber hack techniques and accordingly plan prevention.