Light Dark
March 31, 2015 By Shane Schick 2 min read

Frequent flier miles are the kind of perk that should make customers more loyal to a company, but reports that cybercriminals have hacked into the accounts of British Airways customers may have some passengers wishing they’d stayed at home.

According to a carefully worded advisory published by the airline, the Avios frequent flier accounts were accessed by a “third party using information obtained elsewhere on the Internet,” but British Airways insisted transaction histories and financial payment details were not compromised. Meanwhile, on the FlyerTalk message forum, posters reported their frequent flier account balances registering zero, and others claimed they were locked out of their accounts entirely.

Frequent flier miles make a prime target for cybercriminals, given their popularity and their connection to detailed profile information. The Independent reported that tens of thousands of British Airways customers have been affected by the security breach. While it may not lead to widespread identity theft, it could still pose challenges for the airline to restore the accurate balances on the affected accounts.

While British Airways has already apologized for the inconvenience and promised to restore service in a few days, according to The Guardian, it’s worth noting that the incident was also aimed at members of its executive club accounts. That means some of British Airways’ most important customers may be unable to use their frequent flier miles until the situation is completely resolved.

The most obvious initial takeaway from the incident, IT PRO noted, is that users of frequent flier programs should ensure they don’t use the same login credentials to access numerous online accounts. Hopefully, even those British Airways customers who weren’t among those affected by this particular breach are already taking that precaution.

Unfortunately, British Airways is by no means the only corporate victim of this sort of crime. As reported by Krebs on Security, researchers recently discovered a security flaw in a similar customer loyalty program for Hilton Hotels. BBC News noted that other incidents have recently taken place involving user accounts on GitHub, a popular repository for open-source software development projects, and Slack, a software-as-a-service offering for unified communications. Even on-demand ride service Uber is rumored to have been hit by a recent breach, though the company has so far denied it.

In British Airways’ case, however, the company may not have helped matters by sending an email with a link asking customers to reset their passwords, Inquisitr said. The last thing anyone needs is to wonder whether such emails are part of a phishing scheme. At the moment, the recent spate of bona fide data breach attempts are enough to confuse anyone.

 |  | 
Shane Schick
Writer & Editor

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature