Error Canada: Airline tells customers to reset mobile app after attack
Clumsy Canucks app poutine passport data in hacker's hands
Air Canada is advising customers to reset the passwords on their mobile app after the airline detected a potential network break-in.
“We detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018. We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts,” Air Canada said in a notice to customers.
“As an additional security precaution, we have locked all Air Canada mobile App accounts to protect our customers’ data.”
Air Canada estimates that as many as 20,000 of the 1.7 million people who use the app may have had their profiles accessed by hackers. Customers who were exposed will be contacted directly via email. Everyone who uses the app, however, is being advised to reset their password as a precaution.
The lost data consisted of: Aeroplan number, passport number, NEXUS number for expedited screening, known traveler number, gender, birth date, nationality, passport expiration date, passport country of issue and country of residence.
Fender's 'smart' guitar amp has no Bluetooth pairing controlsREAD MORE
The airline said that credit card information remains protected and that no other data from its Aeroplan frequent flier program was accessed. The airline notes that while some users stored passport information on the app, the exposed data would not be enough on its own to allow for a new passport to be issued.
Aircanada.com accounts are not linked to the mobile app accounts and therefore are not believed to have been exposed.
While it doesn’t seem that any of the lifted information could be used by a criminal to make fraudulent reservations or obtain a passport under the victim’s identity, Air Canada says it is advising all customers to keep an eye on their bank statements and Aeroplan accounts for any unauthorized transactions.
As of Wednesday, it seemed customers were taking the advice to heart. So many people were attempting account resets that people are now being told wait a little while to change their passwords.
“Due to the large volume, some customers may experience a delay in the process to change their passwords,” the airline said.
“We ask customers to be patient and assure them their data is protected and not accessible to unauthorized users. We apologize for the delay. Please wait several hours and try again.” ®
Sponsored: Becoming a Pragmatic Security Leader