
Air Canada Mobile App Breach Affects 20,000 People (www.cbc.ca)

Air Canada told customers in an email today that the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app. As a precaution, the airline locked down all 1.7 million accounts until customers change their passwords. CBC.ca reports: The app stores basic information such as a user's name, email address and telephone number, all of which could have been improperly accessed. Any credit card information on file would have been encrypted and as such protected, the company says. But additional data such as a customer's Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed, if users had them saved in their profile on the app. Air Canada said it hasn't detected any improper log-in activity since last Friday, and it is in the process of contacting the 20,000 people directly affected.
  • by Joe_Dragon ( 2206452 ) on Wednesday August 29, 2018 @06:06PM (#57221066)

    as some of that info can be used for fraud

  • The article shares few details. The so-called app flaw seems to be a flaw in a server-side API, but we are not told about its nature and criticality.
    • by chrish ( 4714 )

      The email they sent out was similarly useless. "Someone was up to no good, but nobody needs to worry about anything!"

      Also, the link they provided to change your credentials doesn't work. I didn't want to do it via the app because I use a password manager, and doing useful things on a touch device is a pain in the ass.

  • I'd think Ryanair would be the first.
  • Air Canada states they haven't detected any improper login attempts, etc. since the breach was discovered.

    They probably aren't going to either ... people who steal credentials from insecure servers generally wait about six months before they use the data against the victims. This makes the source of the purloined data more difficult to detect.

    Unlike in the US, Canadian Social Insurance Numbers (equivalent to Social Security numbers in the US) are not generally used as ID. The Government of Canada warns citiz
