British Airways Hack
Geekheads Team
British Airways has revealed that hackers managed to breach its website and app, stealing data from many thousands of customers in the process.
But how was this possible?
BA has not revealed any technical details about the breach, but cyber-security experts have some suggestions of possible methods used.
Names, email addresses and credit card details including card numbers, expiry dates and three-digit CVV codes were stolen by the hackers.
At first glance, the firm’s statement appears to give no details about the hack, but by “reading between the lines”, it is possible to infer some potential attack routes, says cyber-security expert Prof Alan Woodward at the University of Surrey.
Take BA’s specification of the exact times and dates between which the attack occurred – 22:58 BST, 21 August 2018 until 21:45 BST, 5 September 2018 inclusive.
“They very carefully worded the statement to say anybody who made a card payment between those two dates is at risk,” says Prof Woodward.
“It looks very much like the details were nabbed at the point of entry – someone managed to get a script on to the website.”
This means that as customers typed in their credit card details, a piece of malicious code on the BA website or app may have been furtively extracting those details and sending them to someone else.
Prof Woodward points out that this is an increasing problem for websites that embed code from third-party suppliers – it’s known as a supply chain attack.
Third parties may supply code to run payment authorisation, present ads or allow users to log into external services, for example.
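As an added illustration (not code from the article, and not a description of BA's actual site), the following Python sketch shows one defensive check for the risk described above: inventory every external script a payment page loads and flag third-party ones that are not pinned with the browser's Subresource Integrity `integrity` attribute. The page URL, host names and hash value are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a checkout page on a hypothetical shop.example site.
PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/v2/pay.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//ads.example/tag.js"></script>
<script>document.title = "Checkout";</script>
</head><body><form id="card"></form></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collect every external <script> with its resolved URL and integrity value."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if src:  # inline scripts have no src and are not part of this inventory
            self.scripts.append((urljoin(self.page_url, src), a.get("integrity")))

def audit_scripts(html, page_url):
    """Return one finding per external script: URL, third-party flag, SRI pinned."""
    parser = ScriptInventory(page_url)
    parser.feed(html)
    first_party = urlparse(page_url).hostname  # exact host match; subdomains count as third party
    findings = []
    for url, integrity in parser.scripts:
        host = urlparse(url).hostname
        findings.append({"url": url, "third_party": host != first_party, "pinned": bool(integrity)})
    return findings

def unpinned_third_party(findings):
    """Third-party scripts whose content can change without the page noticing."""
    return [f["url"] for f in findings if f["third_party"] and not f["pinned"]]

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HTML, PAGE_URL):
        print(f)
    print("review:", unpinned_third_party(audit_scripts(SAMPLE_HTML, PAGE_URL)))
```

A pinned script still needs review when its hash is updated, and this check does not cover scripts that a loaded script injects at runtime.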
Read More: BBC