A threat management research firm has determined that the same criminal group behind this year’s Ticketmaster UK breach also attacked British Airways in a breach that impacted nearly 400,000 customers.
RiskIQ’s Yonathan Klinjnsma has identified the hackers of the recently infamous British Airways as the Magecard group, notorious for their attack vector of using forms in websites to insert code that siphons customers’ bank card details.
“Magecart set up custom, targeted infrastructure to blend in with the British Airways website specifically and avoid detection for as long as possible,” RiskIQ said today. “While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial.”
Further, the research firm insisted that they had accessed the servers long before the attack, “a stark reminder about the vulnerability of web-facing assets,” the researched added.
While Magecart compromised a third-party supplier with the attack on Ticketmaster, it directly compromised the payment form deployed by British Airways. The exploit raises concerns about payment form security on popular websites that collect sensitive financial data.
“We suggest British Airways customers get a new card from their bank. Some banks have already been proactively issuing new cards for their customers, Monzo is an example of these,” researchers wrote, pointing to the following tweet:
Last night, we contacted 1,300 customers affected by the British Airways data breach and ordered them new cards as a precaution to protect them from fraud.https://t.co/jwmBUagJIv
— Monzo (@monzo) September 7, 2018
Meanwhile, British Airways chief executive Alex Cruz has promised customers impacted by the breach with “100%” compensation and could be looking at footing a large bill, if the stolen card details have been used.
Image credit: Pixabay.