
Thieves hack American and United accounts, book free flights

Cybercriminals armed with usernames and passwords broke into customer accounts at American and United airlines, with some going so far as to book free flights and seat upgrades.

Affected customers were notified by email on Monday, though the hack apparently took place some time last month.

A spokesperson for United told the Associated Press that since early December around 35 MileagePlus accounts had seen activity involving fraudulently booked trips or mileage transactions.

American appears to have been hit harder by the hack, however, with around 10,000 accounts affected. Despite this, the carrier said that so far it is aware of only a couple of cases where a flight or upgrade was booked without the account holder knowing. It promised to cover the cost of a credit-watch service for affected customers for a period of 12 months.

Both airlines were at pains to point out that their respective computer systems had not been breached and credit card numbers had not been exposed, but added that it was possible information in a user’s account profile, such as a customer’s mailing address, could have been viewed.

It’s assumed the criminals obtained the account information from sources outside of the airlines’ systems, though at this stage the thieves’ method of operation isn’t clear.

While the airlines will certainly have been embarrassed by the incident, at this stage it looks as if the damage has been minimal. However, the carriers’ customers will no doubt be seeking assurances that their personal data is indeed safe and that the airlines are doing what they can to ensure they have the right defenses in place should hackers try to dig a little deeper next time around.

Trevor Mogg
Contributing Editor