December 14, 2018
British Airways: Suspect code that hacked fliers 'found'


A cyber-security firm says it has found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions.

A RiskIQ researcher analysed code from BA’s website and app around the time when the breach began, in late August.

He claims to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.

The BBC has contacted BA for comment.

A very similar attack, dubbed Magecart, affected the Ticketmaster website recently, which RiskIQ says it also analysed in depth.

The company says the code found on the BA site is very similar, but appears to have been modified to suit the way the airline’s site was designed.

“This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” the researcher wrote in a report on the findings.

“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

Hacks like this make use of an increasingly common phenomenon, in which large websites embed multiple pieces of code from other sources or third-party suppliers.

Such code may be needed to do specific jobs, such as authorising a payment or presenting ads to the user. But malicious code can be slipped in instead – this is known as a supply chain attack.

Data grab

RiskIQ said the malicious script consisted of just 22 lines of code. It worked by grabbing data from BA’s online payment form and then sending it to the hackers’ server once a customer hit the “submit” button.

The cyber-security firm added that the attackers had been able to gather data from mobile app users as well because the same script was found loaded into the app on a page describing government taxes and carrier charges.

“The page [in the app] is built with the same… components as the real website, meaning design and functionality-wise, it’s a total match,” the RiskIQ report noted.
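A defender-side check for the kind of script tampering described above, as an added example that is not taken from the BBC article or the RiskIQ report: it audits the scripts a payment page loads against hashes recorded at review time, so that lines appended to an existing file or a script from an unexpected host show up as findings. The hosts, file names and script bodies are constructed placeholders.

```javascript
// Added example: audit the <script> tags of a payment page against a reviewed baseline.
const crypto = require("crypto");

// Subresource Integrity value (sha384, base64) for a script body.
function sriHash(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

// Pull src/integrity out of <script> tags. A regex is enough for auditing
// server-rendered markup; it is not a general HTML parser.
function listScripts(html) {
  const attr = (tag, name) => {
    const m = new RegExp('(?:^|\\s)' + name + '\\s*=\\s*"([^"]*)"', "i").exec(tag);
    return m ? m[1] : null;
  };
  return [...html.matchAll(/<script\b([^>]*)>/gi)]
    .map((m) => ({ src: attr(m[1], "src"), integrity: attr(m[1], "integrity") }))
    .filter((s) => s.src !== null);
}

// baseline: Map(src -> SRI hash recorded at code review)
// served:   Map(src -> script body as delivered now)
function auditPage(html, pageOrigin, allowedHosts, baseline, served) {
  const findings = [];
  for (const { src, integrity } of listScripts(html)) {
    const host = new URL(src, pageOrigin).host;
    if (!allowedHosts.includes(host)) findings.push({ src, issue: "host-not-allowlisted" });
    if (!baseline.has(src)) { findings.push({ src, issue: "not-in-baseline" }); continue; }
    if (integrity !== baseline.get(src)) findings.push({ src, issue: "integrity-attr-missing-or-stale" });
    if (served.has(src) && sriHash(served.get(src)) !== baseline.get(src))
      findings.push({ src, issue: "content-changed-since-review" });
  }
  return findings;
}

// Constructed sample data (hypothetical hosts and file names).
const reviewedLib = "window.featureDetect = function () { return true; };\n";
const servedLib = reviewedLib + "/* constructed stand-in: lines appended after review */\n";
const payLib = "window.pay = function () {};\n";
const SAMPLE_HTML = `
<script src="/js/feature-detect.js"></script>
<script src="https://cdn.example/pay.js" integrity="${sriHash(payLib)}" crossorigin="anonymous"></script>
<script src="https://stats.invalid/t.js"></script>`;
const BASELINE = new Map([["/js/feature-detect.js", sriHash(reviewedLib)],
                          ["https://cdn.example/pay.js", sriHash(payLib)]]);
const SERVED = new Map([["/js/feature-detect.js", servedLib], ["https://cdn.example/pay.js", payLib]]);

function runSample() {
  return auditPage(SAMPLE_HTML, "https://shop.example", ["shop.example", "cdn.example"], BASELINE, SERVED);
}
console.log(runSample());
```

Run on a schedule against the live page, a check like this reports a first-party file whose content no longer matches what was reviewed, which a host allowlist alone would not catch.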

Media caption: British Airways’ chairman and CEO says affected customers will be 100% compensated

RiskIQ recommended that BA customers affected by the breach get a new debit or credit card from their bank.

The firm pointed out that whoever was behind the attack had apparently decided to target specific brands and that more breaches of a similar nature were likely.

More to follow

Source BBC News
