How did hackers breach British Airways?

British Airways recently experienced a data breach that compromised the data of almost 400,000 users. The stolen information includes names, email addresses, and credit card details. The hack once again raises questions about the strength of the IT systems at major companies as they expand their business online.

The attack reportedly took place between 21st August and 5th September, leaving the airline's customers vulnerable to financial fraud. Customers who made bookings between these dates were affected by the breach. The CEO of British Airways has also announced compensation for customers whose data was stolen. The airline also advised people to contact their bank or credit card company if they had used its website or app for any booking.

How did the attack take place?

The airline didn’t reveal any technical details about the breach, but there are some possible methods that might have been used. As reports claim that anybody who made a card payment between those two dates is at risk, it is quite likely that someone was extracting details at the point of entry on the website.

This means that when a user types credit card details into the official website, a piece of malicious script or code might be secretly sending those details to a third party. Such an attack can be described as a supply chain attack. Many websites embed code from third-party suppliers. These third parties typically supply code to run payment authorization, present ads or even allow users to log into external services.

Supply Chain attack

There is no solid evidence that the attack was a supply chain attack, but it closely resembles a breach that recently affected the online ticketing company Ticketmaster. There is one more possible route of infiltration: an insider threat, with someone tampering with the website's and app’s code for malicious purposes. As the CVV number was also extracted in the attack, there is a high possibility that the details were lifted in a live environment.

Companies never cache the CVV number during payments, so there has to be a direct compromise of the credentials on the website or compromise of a third-party vendor.

What are the security measures companies should adopt?

Companies or private firms using third-party code or payment gateways on their websites need to secure their endpoints thoroughly. They should implement robust security services and policies in order to keep their network and database safe from such breaches.
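For the embedded third-party code discussed above, one check a site owner can automate is shown here as an added example (not code from British Airways or from this article). It audits a page's script tags for third-party sources that carry no Subresource Integrity pin, or whose served content no longer matches the pin. The page URL, vendor hosts and script bodies are constructed sample values.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_hash(content: bytes) -> str:
    """Subresource Integrity value (sha384) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(content).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_scripts(page_url, html, served):
    """Flag third-party scripts that are unpinned or whose served bytes fail the pin."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        url = urljoin(page_url, attrs["src"])
        if urlparse(url).hostname == page_host:
            continue  # first-party script, not covered by this check
        pinned = attrs.get("integrity")
        if not pinned:
            findings.append((url, "no integrity attribute"))
        elif url in served and sri_hash(served[url]) not in pinned.split():
            findings.append((url, "content does not match pinned hash"))
    return findings

# Constructed sample data: a checkout page and the bytes each vendor serves today.
ORIGINAL = b"function pay(){ /* vendor code as reviewed */ }"
PAGE_URL = "https://shop.example/checkout"
PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.vendor-a.example/pay.js" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor-b.example/ads.js"></script>
</head></html>"""
SERVED = {"https://cdn.vendor-a.example/pay.js": ORIGINAL + b"/* changed upstream */"}

if __name__ == "__main__":
    for url, problem in audit_scripts(PAGE_URL, PAGE, SERVED):
        print(f"{url}: {problem}")
```

A browser enforces the same pin at load time and refuses to run a script whose hash does not match, so the audit is most useful for finding the tags that have no pin at all.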

Some of the important security measures are:

· Application security testing: Web and mobile applications are the primary entry point for attackers. Every organization should make application security testing a mandatory practice for smooth business functioning.

· PCI DSS: Compliance with PCI DSS is necessary for any company dealing in online transactions or storing credit card data. Failure to protect online transactions can invite severe sanctions and penalties under the cyber laws of the country.

As the digital era grows at a rapid pace, intruders are also finding new ways to infiltrate networks. The intentions behind hacks may vary, but the underlying motive is the disruption of a growing business.

Written by

Kratikal is an end-to-end cyber security solutions provider. We secure organisations’ applications, infrastructure and people for smooth business functioning.
