| Reposting from the other thread at https://news.ycombinator.com/item?id=18299015* It is unclear from any reporting as to how this technically happened, which is a shame but hopefully that will be made public in the coming days. Some other outlets[0] have an interesting statement: > The breach also included details about where each passenger had traveled and any comments made by customer service representatives. The amount of data accessed varied among passengers.* Based on those details, and the mention of 'no passwords were compromised', chances are this breach has come from an internal helpdesk type system, or possibly CRM. If however the statement around the passwords changes, that opens up a few other possibilities. What this doesn't sound like, are the attacks we saw on British Airways[1] and Ticketmaster[2], where javascript was injected into the payment pages to vacuum up payment details from customers. The statement around "The company has no evidence that any personal information has been misused" is always an interesting one, and is one of the many reasons I created my startup Breach Insider[3], so that data breaches like this could be detected much sooner (not 7 months later, as we have seen here), with minimal false positive alerts, and definitive evidence if any data has been misused. By using real email addresses that are unique to each company/business, you can be sure to find out if that data ever leaks & is abused for things like spam or phishing. [0] https://www.theverge.com/2018/10/24/18019958/cathay-pacific-... [1] https://www.britishairways.com/en-gb/information/incident/da... [2] https://www.riskiq.com/blog/labs/magecart-ticketmaster-breac... [3] https://breachinsider.com |