Flaw in E-Ticketing System Exposes Passenger Details
A security flaw in British Airways e-ticketing system could expose passenger data, including their flight details and personal information. The flaw resides in the flight check-in links that British Airways sends to its passengers. The link URL parameters contain the passenger’s booking reference and surname, which are sent over the network unencrypted. The check-in link, which can be intercepted by an attacker in the same network, provides automatic access to the passenger account, exposing information such as itineraries and flight details. The flaw has since been fixed after responsible disclosure in July 2019.
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services