Passport Information Accessed By Hacker In Air Canada Breach
The airline shut down services to the mobile application and sent an email to affected users.
On August 28, 2018, Air Canada disclosed that users of its Mobile+ app should immediately change their passwords following a breach that affected close to one percent of user profiles on the platform.
Information users may store on the application in their profile includes:
“Aeroplan number, Passport number, NEXUS number, Known Traveler Number, gender, birthdate, nationality, passport expiration date, passport country of issuance and country of residence.”
Although it’s unclear exactly how the hacker obtained access to Air Canada’s systems, nor the extent of the breach, in a public statement the company revealed, “unusual login behaviour with Air Canada’s mobile App between Aug. 22–24, 2018. We immediately took action to block these attempts and implemented additional protocols to block further repeated unauthorized attempts.” It has been assessed that in total, 20,000 of the application’s 1.7 million user accounts may have been accessed.
Taking an additional precaution, Air Canada has opted to lock all Air Canada Mobile App accounts, forcing users to unlock them by following password reset instructions in an email sent to all affect individuals. Air Canada also stated that aircanada.com accounts are not linked to the mobile app, and thus remain unaffected.
Breaches such as the one Air Canada experienced are fast becoming the status quo as companies housing sensitive information find themselves in the crosshairs of hackers. It serves as a reminder for consumers and companies alike to take a look at our own security, and make corrections where there are possibilities for an attack.
When it comes to best security practices and browsing, MetaCert has you covered with Cryptonite, the add-on for Chrome, Firefox, and Opera browsers. Cryptonite stops phishing sites in their tracks by warning you before you browse, and goes a step further by offering a visual cue with a black shield that turns green whenever you browse a verified web resource that has anything to do with cryptocurrency. This also works for social media account posts, so you can quickly discern a Twitter impersonator from the the real McCoy.
Cryptonite is also the only way that you can participate in the MetaCert Protocol Beta Program, where you’ll get a special opportunity to earn a bonus on tokens.
MetaCert Protocol is the best in the world at one thing — URL Classification.
MetaCert Protocol is decentralizing cybersecurity for the Internet, by defining ownership and URL classification information about domain names, applications, bots, crypto wallet addresses, social media accounts and APIs. The Protocol’s registry can be used by ISPs, routers, Wi-Fi hotspots, crypto wallets and exchanges, mobile devices, browsers and apps, to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility. Think of MetaCert Protocol as the modern version of the outdated browser padlock and whois database combined.
Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.
