The UK-based airline told The guardian that users’ personal data, such as names, addresses, travel history, credit card information or other personal identifying information have not been stolen. However, British Airways has temporarily frozen affected accounts, and declared that some people may not be able to access their cash until the issue is resolved.
The company spokesperson reported:”British Airways has become aware of some unauthorized activity in relation to a small number of frequent-flyer executive club accounts. This appears to have been the result of a third party using information obtained elsewhere on the internet, via an automated process, to try to gain access to some accounts.” However there is currently no knowledge concerning who is behind the system intrusion.
As the British Airways frequent flyer club is free to join so it captivates thousands of members, only a small fraction of users has been affected by the attack. However, on Twitter, some flyers have complained that their accounts had been breached and claimed that their Avios reward points had been stolen. According to forum posts, many account points have been set to zero or customers locked out entirely.
However the security researchers had discovered a basic flaw that appeared to allow anyone to steal email and home address information, trip data, and spend points of Hilton Worldwide “HHonors” loyalty club members.
The British airline has apologized, and confirmed that it is investigating the breach: “We are sorry for the concern and inconvenience this matter has caused, and would like to reassure customers that we are taking this incident seriously, and have taken a number of steps to lock down accounts so they can no longer be accessed.”