Hackers breach e-Ticketing systems at 8 Major Airlines

2019, Breaches, March

Who: E-ticketing systems at Eight Airlines

When: Reported 12 Mar 2019

# of records involved: undetermined

What happened: Hackers can intercept passengers' Personally Identifiable Information (PII) using a website link vulnerability.

How did it happen: 8 major airlines were identified as putting passenger data at risk: their unencrypted links give unauthorized third parties the ability to intercept the credentials for the airlines' e-ticketing systems, which contain all of the PII associated with the airline booking. This means that the hacker can view, and in some cases even change, a user’s flight booking details, and/or print boarding passes. The vulnerability arises when the airline sends unencrypted check-in links to passengers through its e-ticketing system, directing them to a site where they are logged in automatically to the check-in for their flight.
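
One way an airline's mail team could audit outbound check-in e-mails for this problem, as an added example (not code from ISE, the airlines or the original report). The parameter names, the `audit_checkin_links` function and the `airline.example` links are assumptions made up for illustration:

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names of query parameters that log a passenger in automatically.
# The report names none; replace with the ones your booking system uses.
CREDENTIAL_PARAMS = {"pnr", "bookingref", "recordlocator", "lastname", "token"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def audit_checkin_links(body):
    """Return findings for links in an e-mail body that carry login parameters."""
    findings = []
    for raw in URL_RE.findall(body):
        # HTML mail encodes '&' as '&amp;'; decode before parsing the query.
        url = html.unescape(raw).rstrip(".,;)")
        parts = urlsplit(url)
        names = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
        creds = sorted(names & CREDENTIAL_PARAMS)
        if not creds:
            continue  # ordinary link, nothing that authenticates the passenger
        # Plain http exposes the parameters to anyone on the network path;
        # https protects them in transit, but the link still logs in its holder.
        severity = "high" if parts.scheme.lower() == "http" else "review"
        findings.append({"url": url, "severity": severity, "params": creds})
    return findings

# Constructed sample message; hosts and values are made up.
SAMPLE_EMAIL = """\
<p>Your flight is ready for check-in.</p>
<a href="http://checkin.airline.example/ci?pnr=ABC123&amp;lastName=DOE">Check in</a>
<a href="https://checkin.airline.example/ci?pnr=ABC123&amp;lastName=DOE">Check in</a>
<a href="http://www.airline.example/baggage-policy">Baggage policy</a>
"""

if __name__ == "__main__":
    for f in audit_checkin_links(SAMPLE_EMAIL):
        print(f["severity"], f["url"], f["params"])
```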

Outcome: Independent Security Evaluators (ISE) examined the popular open-source ticketing software osTicket and reported they’d identified a “number” of security flaws, and had provided Enhancesoft, the company sponsoring osTicket’s development, with information about the vulnerabilities and how to reproduce them. The Transportation Security Administration (TSA) has not responded, but the Government Accountability Office (GAO) has discussed similar problems in audit reports to Congress.
