Earlier this week, it was reported that British Airways had suffered a data breach which exposed the details of a number of frequent-flier Executive Club accounts. It is thought that the breach is the result of a third party that used information obtained elsewhere on the Internet to gain access to some accounts using an automated process. British Airways has reassured customers that their sensitive information was unlikely to have been affected, but has advised users to reset their passwords as a precaution.
On a similar note, taxi app Uber has been forced deny claims that its servers were hacked after reports that thousands of customer usernames and passwords were available to buy online.
These two stories provide yet another example of the importance of strong online passwords that are not reused across numerous websites and online services. Cybercriminals are becoming increasingly determined to access user credentials, with advanced automated tools that are designed to seek and steal usernames and passwords with minimal effort. As such, we hear time and time again about breaches stemming from hackers using these smash and grab techniques to build a database of credentials and then effectively ‘trying every key in the lock’ until it opens.
No matter how watertight a business believes its IT security position to be, there will always be a weak point just waiting to be exploited by cybercriminals and these are often linked to password security. Organizations must, without exception, be continually monitoring their systems for any anomalous activity that could indicate a breach—particularly those with a strong emphasis on customer service, like British Airways. This protective monitoring will shorten the time to detect and respond to security incidents, leading to reduced fallout for their customers. On that note, British Airways should be commended for identifying the breach and taking the proactive step of locking down all user accounts before any real damage could be done.