Users of Air Canada Mobile App informed about the breach

by Gabriel E. Hall - -

1% of Air Canada users are exposed to the data breach due to a mobile app's hack

Air Canada Mobile App users face personal data exposure

The biggest Canada's airline company called Air Canada[1] has reported about the data breach involving about 20,000 of its mobile app users. The accident was spotted between August 22 and 24 when the company detected suspicious log-in actions and figured out that some hacker managed to get through various passwords and access personal users' information.[2] The data includes customers' names and surnames, email addresses, residence addresses, mobile phone numbers, nationality, etc.

At the moment of writing, Air Canada has around 1.7 million Mobile App users. Even though only 1% of them were affected, the company decided to deactivate all users' accounts for their safety[3]:

In addition to taking immediate action to block these attempts to gain unauthorized access, we have locked all Air Canada mobile App user accounts as a precaution.

Leaked data seems to include personal details

While it has been announced at once that credit card data hasn't been affected because of encryption used, what worries the most is that criminals also managed to access users' passport numbers and all the details that are typically provided before the flight:[4]

  • Residence country;
  • Passport expiration data;
  • Aeroplan number;
  • Gender;
  • Nationality;
  • Birthdate;
  • etc.

The good news is that the risk of misusing such data is not high if you have other identity-proving documents:

<…> the risk of a third party obtaining a passport in your name is low if you still have your passport, proof of citizenship and supporting identity documents.

Changing passwords is obligatory

Air Canada has not yet discovered who is responsible for the data breach. However, the company highly recommends changing old passwords to more difficult ones that would include more characters and at least one symbol. According to the representatives, this type of precautionary measure can cause a delay in the password changing process but is necessary if wanting to protect personal information:

Air Canada has asked Mobile+ app users to reset their accounts as a security precaution. Due to the large volume, some customers may experience a delay in the process to change their passwords. We ask customers to be patient and assure them their data is protected and not accessible to unauthorized users. We apologize for the delay. Please wait several hours and try again.

The company also stated that they had sent emails to its customers whose Mobile App accounts might have been accessed without their permission[5]. Such informing messages were sent on the 29th of August.

Strong passwords – the main way to protect accounts and personal information

We often read the news or hear about various data breaches that happen all over the world. Sadly, it is a very common occurrence nowadays as more and more hackers manage to break through various security systems. The main problem here is that users do not take passwords as serious as they should.

Usually, people pick simple words or numbers which relate to their daily life and can be remembered easily. However, this is the biggest mistake. Accounts with weak passwords have the highest risk of being hacked. Experts recommend thinking of more difficult passwords which include letters, numbers, and even symbols. If you are worrying that you will forget your password, you should write it down and keep it in a safe place. If you do so, the risk of data breach and various hacks will decrease slightly.

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References