Tag Archives: stolen accounts

British Airways says a further 185,000 payment cards possibly hit in cyber attack

FILE PHOTO - People queue with their luggage for the British Airways check-in desk at Gatwick Airport in southern England, Britain, May 28, 2017. REUTERS/Hannah McKay

(Reuters) – International Airlines Group said an investigation into the theft of customers’ data at its unit British Airways showed the hackers may have stolen personal information from an additional 185,000 payment cards.

BA said in September that around 380,000 card payments were compromised, with hackers obtaining names, street and email addresses, credit card numbers, expiry dates and security codes – sufficient information to steal from accounts.

On Thursday, British Airways revised that number down, saying that only 244,000 of those originally identified were affected, but said additional customers could have been affected.

On the whole, the total number of payment cards potentially affected stood at 429,000 as of Thursday.

The hackers obtained names, street and email addresses, credit card numbers, expiry dates and in some cases, security codes – sufficient information to steal from accounts.

(Reporting by Arathy S Nair in Bengaluru; Editing by Elaine Hardcastle)

Facebook unearths security breach affecting 50 million users

FILE PHOTO: A 3D-printed Facebook logo is seen in front of displayed binary digits in this illustration taken March 18, 2018. REUTERS/Dado Ruvic/Illustration/File Photo

By Munsif Vengattil, Arjun Panchadar and Paresh Dave

(Reuters) – Facebook Inc said on Friday that hackers had discovered a security flaw that allowed them to take over up to 50 million user accounts, a major breach that adds to a bruising year for the company’s reputation.

Facebook, which has more than 2 billion monthly active users, said it has been unable to determine yet whether the attackers misused any of the affected accounts or stole private information.

Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a “#deleteFacebook” movement among consumers.

Shares in Facebook fell more than 3 percent in afternoon trading, weighing on major Wall Street stock indexes.

The latest vulnerability had existed since July 2017, but Facebook did not discover it until this month when it spotted an unusual increase in use of its “view as” feature.

“View as” allows users to see what their own profile looks like to someone else. The flaw inadvertently issued users of the tool a digital code, similar to browser cookie, that could be used to post from and browse Facebook as if they were someone else.

The company said it fixed the issue on Thursday. It also notified the U.S. Federal Bureau of Investigation, Department of Homeland Security and Irish data protection authority about the breach.

Facebook reset the digital keys of the 50 million affected accounts, and as a precaution reset those keys for another 40 million that have been looked up through the “view as” option over the last year.

About 90 million people will have to log back into Facebook or any of their apps that use a Facebook login, the company said.

Facebook is also temporarily disabling “view as,” it said.

In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.

(Reporting by Munsif Vengattil and Arjun Panchadar in Bengaluru, Paresh Dave in San Francisco; Editing by Sai Sachin Ravikumar and Meredith Mazzilli)