Home News Researcher says British Airways hack caused by the same group that pwned...

Researcher says British Airways hack caused by the same group that pwned Ticketmaster

British Airways

A hacker group dubbed Magecart were responsible for the recent data breach on the British Airways website that affected 380,000 customers’ transactions between August 21 and September 5, a research expert stated.

According to the security researcher Yonathan Klijnsma from cybersecurity company RiskIQ, the attackers allegedly used a skimming script, a malicious code, designed to steal the data from the British Airways website.

“This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” the researcher wrote in a report. “The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”

On September 6, the British airlines notified its customers that “From 22:58 BST August 21, 2018, until 21:45 BST September 5, 2018, inclusive, the personal and financial details of customers making or changing bookings on our website and app were compromised.” Around 380,000 payment-card details were stolen by hackers during the period.

RiskIQ stated that they’ve discovered some similarities in the British Airways situation and the Ticketmaster heist that happened in June. The hackers used a similar approach in both the cases and RiskIQ thinks it could be performed by the same group of hackers, according to the researcher.

On June 27, 2018, Ticketmaster, a ticketing website, became the victim of a cyber-attack and data breach after hackers stole data from the website including payment information of several customers. The website issued an alert after noticing a malicious software on a customer support product hosted by its third-party, Inbenta Technologies. The company stated that the affected customers may include UK citizens who purchased or attempted to purchase tickets between February and June 23, 2018, as well as international customers who purchased, or attempted to purchase tickets between September 2017 and June 23, 2018.