Mobile app hit in cyberattack that compromised 20K user accounts.
Air Canada has alerted users of its mobile app of a data breach that exposed personal information – including stored passport numbers – of some 20,000 users.
The airline said after noticing "unusual login behavior" on the Mobile+ app from Aug. 22 to 24, it blocked that traffic and locked all Air Canada mobile app accounts. Customers now must reactivate their accounts on the app, which is back up and running.
"We contacted potentially affected customers directly by email starting Aug. 29 to tell them if we determined their account may potentially have been accessed improperly," Air Canada said on its website. "We are also requiring all Air Canada mobile app users to re-set their passwords using improved password guidelines to further enhance security measures. A more robust password provides an extra layer of protection."
Account-holder names, email addresses, and telephone numbers were exposed in the breach, in addition to passport numbers of those users who stored that information in their profiles. The airline has some 1.7 million mobile app users but said only 1% of the user accounts were accessed by the attackers.
Read more here.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024