What's up with the series of claimed breaches and account lockdowns?

Discussion in 'General Discussion | Travel' started by traveltoomuch, Apr 27, 2015.

  1. traveltoomuch

    traveltoomuch Silver Member

    First BA, about a month ago. Then Hyatt. And over the weekend I got a similar note from a domain name registrar.

    Have any of you seen reports of a common thread? Was there a particular source of usernames and passwords that got compromised?

    (As you may have seen, Hyatt only locked accounts with a username other than the HGP member number. Annoyingly, I did not have a username until I went through and changed a bunch of passwords in response to the BA incident mere weeks before.)
     
    jackplum, Newscience and daninstl like this.
  2. viguera
    Original Member

    viguera Gold Member

    It's the same as every other target... people are just becoming aware of how badly secured most of these things are, and how much of a market there is for their currency.

    Almost every airline and hotel chain had (or still has) a laughable approach towards security. AA has a 7 character username and only required a numeric password. Hilton, IHG and Hyatt weren't that much better, some with a mandated 4 digit PIN. Chances are that you can easily automate something that will just bang at the login page using random account numbers and commonly used passwords / number combinations and you're bound to hit something sooner or later.

    Then you had the ability to redeem miles / points immediately in order to "cash out" a compromised account, and the ability to do ALL of this remotely over the internet, and it's quite literally a gold mine.

    You can sit far, far away behind a few relays and a VPN and access accounts, and turn their contents into actual currency. All without the effort / cost / risk of actually having to put a skimmer on an ATM, produce fake debit cards and walk to an ATM to make a withdrawal.

    It was just too good to pass up, so it was only a matter of time before the less reputable folks turned their attention towards these programs.
     
    jackplum, Newscience and daninstl like this.
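Added example, not part of any post in this thread: the guessing pattern described in the post above (one source trying common PINs or passwords across many account numbers) slips past per-account lockout, but it stands out in login logs as many distinct accounts failing from one source with only a try or two each. The Python sketch below flags that pattern and lists accounts that then logged in successfully from a flagged source; the log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; documentation-range IPs, made-up account numbers.
SAMPLE_LOG = """\
2015-04-27T10:00:01 198.51.100.7 1000001 FAIL
2015-04-27T10:00:03 198.51.100.7 1000002 FAIL
2015-04-27T10:00:05 198.51.100.7 1000003 FAIL
2015-04-27T10:00:07 198.51.100.7 1000004 SUCCESS
2015-04-27T10:00:09 198.51.100.7 1000005 FAIL
2015-04-27T10:00:11 198.51.100.7 1000006 FAIL
2015-04-27T10:02:00 203.0.113.20 2000001 FAIL
2015-04-27T10:02:20 203.0.113.20 2000001 FAIL
2015-04-27T10:02:45 203.0.113.20 2000001 FAIL
2015-04-27T10:03:10 203.0.113.20 2000001 SUCCESS
"""

def parse(log):
    """Yield (timestamp, ip, account, result) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, account, result = line.split()
            yield datetime.fromisoformat(ts), ip, account, result

def find_spraying(log, window=timedelta(minutes=10), min_accounts=5, max_tries=2):
    """Map each source IP to the accounts it failed against when, within one
    sliding window, it hit many accounts with only a few tries per account."""
    failures = defaultdict(list)
    for ts, ip, account, result in parse(log):
        if result == "FAIL":
            failures[ip].append((ts, account))
    flagged = defaultdict(set)
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop failures older than the window
            tries = defaultdict(int)
            for _, account in events[start:end + 1]:
                tries[account] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[ip].update(tries)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

def accounts_to_lock(log, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({account for _, ip, account, result in parse(log)
                   if result == "SUCCESS" and ip in flagged})
```

On the constructed log, the member who mistypes a password three times on one account is not flagged, while the source that touches six accounts once each is, and the one account it got into is the candidate for a lock and forced reset.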
  3. MX

    MX Gold Member

    In other news, TSA saved the nation again today by confiscating many shiny trinkets and breast milk. ;)

     
  4. daninstl

    daninstl Gold Member

    I think what's frustrating to me is that a website will have weak login requirements but then you go to some site like Ticketmaster or some blog or news post and you have to jump through hoops of fire, not to mention the whole CAPTCHA deal, just to use it.
     
    jackplum and Newscience like this.
  5. iolaire
    Original Member

    iolaire Gold Member

    United sent me an email saying I needed to move from a PIN to a password. And to make sure I log in and check my account regularly, which makes me remember that United doesn't allow me to check my balance via Award Wallet so I go much longer without viewing changes to my account....
     
    jackplum and Newscience like this.
  6. jackplum
    Original Member

    jackplum Gold Member

    Same people designed the packaging for the products formerly known as CDs - one needs a crowbar, oxy-acetylene torch, and a 50 ton press to open
     
    traveltoomuch and MX like this.
  7. viguera
    Original Member

    viguera Gold Member

    I AM NOT A ROBOT
     
    daninstl likes this.
  8. WilliamQ

    WilliamQ Gold Member

    But you are in the Matrix..... :eek:

     
    daninstl likes this.
  9. daninstl

    daninstl Gold Member

    I am the H.A.L 9000 you may call me Hal. You know I have only the most enthusiasm and confidence in this mission, Dave.
     
