TRENDING:

Fraudsters Target United Frequent Fliers

Several Thousand MileagePlus Accounts Exposed Jeffrey Roman (gen_sec) • December 29, 2014    
Fraudsters Target United Frequent Fliers

United Airlines is notifying some of its MileagePlus members that unauthorized individuals accessed frequent flier accounts by using usernames and passwords obtained from third-party sources.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

"These usernames and passwords were not obtained as a result of a United data breach, and United was not the only company where attempts were made," says a notice sent to MileagePlus members, which was obtained by Information Security Media Group.

United's frequent flier program has an estimated 95 million members, says Rahsaan Johnson, a company spokesperson.

Starting around Dec. 9, the intruders attempted to access the accounts using the usernames and passwords obtained elsewhere, "since many people use the same username and password for multiple accounts and websites," United says.

For accounts where the credentials matched, the intruders were able to gain entry and obtain members' MileagePlus numbers, account balances and Premier status. Other account details, such as mailing addresses, also may have been viewed, United says. The intruders were not able to view credit card numbers because they are hidden except for the last four digits.

Several thousand accounts were inappropriately accessed, Johnson says, though an exact number could not be confirmed. For approximately three dozen accounts, the intruders were able to make a mileage transaction, such as booking a ticket, Johnson says.

United temporarily suspended MileagePlus accounts that may have been impacted, and members were given steps to have their password, username and security questions updated.

The reuse of usernames and passwords across multiple websites contributes to a higher rate of fraud, says Al Pascual, director of fraud and security at Javelin Strategy and Research. "To address this trend, businesses can implement two-factor authentication," he says.

In addition, organizations can bolster their password policies, such as requiring frequent password changes as well as encouraging the use of password managers, Pascual says.

Previous
Sony: Controversial Film Breaks Record
Next
Tougher to Use Bitcoin for Crime?

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Securing the SaaS Layer
Securing the SaaS Layer
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.