Summer air travel is always a challenging affair: long queues to check in baggage, irritated (and, at times, irritating) service staff, flight delays, and the occasional airline mobile app hack.
Between August 22 and 24, Air Canada published an advisory saying that hackers had possibly breached about 20,000 customer records through its mobile app. The app is based on the Aeroplan platform, operated by Aimia Inc, a Canadian company that operates a travel loyalty rewards program.
In its notification to all 1.7 million users of its app, the airline said, “We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts.” When Air Canada wrote this, it had not said publicly whether there was a direct breach of the airline’s systems or whether hackers had attempted to reuse passwords from other sites that may have also been used on Air Canada’s mobile app.
What Is at Stake in the Hack?
Air Canada’s statement to its mobile app users said the cybercriminals may have gained access to names, email addresses, and phone numbers. Further, the hack may have exposed even more sensitive data, like passport numbers and expiration dates, the country of issuance for the passports, and other information commonly found on any passport.
The BBC reported that the City of London’s Action Fraud said the “consequences of having your passport information accessed can be severe.”
The agency noted that banks, insurance firms, and mobile phone providers are among the kinds of businesses that ask for this data to open accounts. These organizations do not always require a physical document as proof of identity.
Consequences for victims whose passport information has been stolen include destroyed credit scores and bills from vendors they have never dealt with. It can take months at a minimum to clean up the damage to personal credibility.
Action Fraud also stated that in some cases criminals have used stolen passport data to obtain genuine documents like drivers’ licenses and new passports.
What’s the Password
Air Canada did not provide details about how the data breach occurred. However, its letter to customers said the attack involved “unusual login behavior.” Possibly, the cybercriminals attempted to use passwords stolen from other sites. One cybersecurity analyst noted that the airline’s mobile app password requirement was simply “six- to 10-characters with no special characters allowed.”
The airline said in a notice to customers that it had detected “unusual login behavior.” The alert added, “We immediately took action to block these attempts and implemented additional protocols to protect against further unauthorized attempts.”
App Shielding More Important Than Ever
As consumers are increasingly using mobile devices for financial transactions and storing sensitive personal information, criminals are starting to focus their efforts on designing malware to steal user credentials and other sensitive data from them. Keeping up to date with mobile app security threats will help you mount more effective defenses. And one effective defense is App Shielding.
Gartner recommends “choosing app shielding to protect high-value apps that run within untrusted environments and that move the software logic on the front end.”
Promon’s App Shielding software, Promon SHIELD™, does exactly this. Promon SHIELD™ is built or linked into your app or app runtime environment. The security software is capable of controlling app execution and of detecting and preventing attacks in real time.
Our Shielder Tool makes it easy for app developers to integrate the software via a Software Development Kit (SDK). Once secured, the apps are immediately ready for distribution via public or enterprise app stores.
Though airline customers are used to occasionally being grounded, hackers are increasingly finding that the sky’s the limit when it comes to stealing data. App shielding technology offers a solution for safeguarding sensitive passenger data and airline reputations.