20,000 Air Canada Customers Learn That Their Passport Numbers Were Leaked. Change Your Password ASAP!

Flying is, without a doubt, one of the best ways to travel. Airline ticket prices are relatively low, it is the fastest way to reach the desired location, it is the only way to get to some places, and, finally, it is considered the safest way to travel if compared to other modes of transportation. As a consequence, almost all countries have an airport. Only 5 countries (out of 195 in the world) that have no airport can be distinguished: Andorra, Liechtenstein, Monaco, San Marino, and Vatican City. Additionally, most countries have the so-called national flag carrier.

Air Canada is the flag carrier of Canada founded back in 1937. Also, it is the largest airline by passengers carried. According to statistic available at Statista.com, it transported over 48 million passengers in 2017 and more than 44 million passengers in 2016. Cybercriminals are well aware of the fact that thousands of people use and trust Air Canada's services, so it is not a surprise that the latest data breach against an airline company was directed exclusively at Air Canada's mobile app users. Specialists are now certain that this airline company data breach put passwords at risk.

What happened?

The company reported that it noticed an unusual log-in activity between 22 and 24 August, 2018. As a consequence, all 1.7 million accounts were immediately locked to avoid further damage. A decision was made to do that after realizing that the data breach against an airline company put passwords at risk. Unfortunately, it later turned out that cybercriminals still managed to access accounts and steal personal information from about 20,000 Air Canada's users. They were all informed about the incident promptly and received an email requesting to change a password. The number of affected users could have been way longer, but thankfully, hackers targeted only those people using a mobile app.

What cybercriminals stole?

A data breach is defined as an "incident that involves the unauthorized or illegal viewing, access or retrieval of data by an individual, application or service" by Techopedia. It would be too naïve to expect that cybercriminals behind the data breach against Air Canada had a completely different goal. The airline company confirmed that the following details could have been stolen from affected users' accounts if this information was provided in the app: names, emails, and phone numbers. Hackers could have also stolen such sensitive information as passport number, passport expiration date, passport country of issuance, nationality, country of residence, and birth date. This is, undoubtedly, a serious problem. There is a risk that a bunch of users will experience identity theft, specialists say. Some banks, mobile phone providers, and insurance firms still do not require a physical document, which makes it even easier for cybercriminals to use stolen sensitive information. Have you received an email from Air Canada that tells you to change a password? It is not a scam, we can assure you that. Of course, verifying an email before opening it is always a must. The sooner the password is changed, the better – it is a shield against damaging hackers' swords and spears.

The problem with Air Canada passwords

Air Canada can be blamed for the latest data breach itself, cybersecurity specialists say. It became clear not long after the attack that it used a weak password system. It is hard to say how exactly the breach occurred, but it is very likely that the attack took place because users were not allowed to set strong passwords. In other words, their weak passwords were simply cracked. Air Canada only accepted passwords containing between 6 and 10 characters. Also, it did not allow any special characters – only letters and numbers could be used. Luckily, password guidelines have been recently updated by the company. Change a password to a more complex one even if you have not been affected by the recent data breach or if you have not done that yet after the updated password policy.

What makes a password secure?

According to Canada's government official advice, a secure password is not a password that is easy to remember. In other words, it cannot be an address, a pet's name, or a special date (e.g. your birth date) because these details are extremely easy to obtain. No doubt cybercriminals will try them out first if they manage to get them. The second tip says that 8 characters is a minimum length of a password (experienced specialists recommend going up). Third, it must use a combination of upper/ lower case letters and numbers. Fourth, it should include characters that are not letters or numbers. Fifth, it is advisable to combine a few items, for example, your pet's name, favorite numbers, the street you used to live in, etc. The harder it is to guess your password, the more secure you will be. Make sure you use these tips the next time you change a password or create a new account.

Changing a password might be a nightmare for those who cannot boast about a vivid imagination. Users try to come up with passwords that are both secure and can be easily remembered, but, to be frank, this is nearly impossible. An easy-to-remember password will never be secure, we can assure you that, so you should better change your Air Canada account password to a complex one even if you are sure you could not recall it when needed. Do not worry; you will not be locked out of your account if you entrust saving your password to a reputable password manager. It will not only keep all your passwords in one place, but it will also enter them into login forms for you so that you could access your accounts quicker. Of course, password managers are not created equal. Some of them may not have all these useful functionalities, so we recommend using Cyclonis Password Manager. No, you will not need to save your passwords manually (of course, you will be allowed to do that too). You will quickly save them with the click of a button instead. Additionally, you will be able to import them from all your browsers during the setup. And if you want to change passwords for any of your accounts, a password manager will replace them automatically once you enter them on the website for the first time.

Many users are determined to improve the security of their accounts by changing passwords to more secure ones, but it is not always possible to do that since some companies still do not take the importance of setting complex passwords seriously. Air Canada is one of the best examples – it used to rely on a relatively weak password system, which led it to a massive data breach that affected thousands of users. It is neither the first, nor the last service provider using insecure password practices. Companies should not turn a blind eye to users' online security and privacy. The sooner they change password policies, the sooner the rate of hacks will decline. In the meantime, your virtual security is in your hands.

September 11, 2018

Leave a Reply