British Airways has released information regarding the hacking of a number of their Executive Club (BA’s frequent flyer programme) member’s accounts. Unlike many recent hacks, this is not about someone gaining access to BA’s systems but rather a failing by many of their customers to follow good password practice. The underlying story here is that hackers have targeted a third-party system, as yet undisclosed, and appear to have harvested usernames and passwords which have then been used to gain access to the Executive Club site. BA have taken steps to reset the passwords on the compromised accounts and have already contacted the affected customers. BeyondTrust, as a leading security vendor, would advise users to take steps to ensure they are not reusing old passwords or passwords used elsewhere. There are many end-user products that can help by managing those passwords for you, generating new, unique passwords also automatically completing login forms for you. All secure and all ensuring that you aren’t using the same password for multiple sites.
Like all security, your safety on the internet is only as good as the weakest link. As users both in the office and on the internet, it’s important that we understand that we are as much responsible for the security of our data as those companies we entrust with it. Make sure you don’t reuse passwords and make sure each password you use is unique. It’s not difficult and the tools out there help you do it in a simple, secure manner.
Brian Chappell, Chief Security Strategist
Brian has more than 30 years of IT and cybersecurity experience in a career that has spanned system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian has led Sales Engineering across EMEA and APAC, Product Management globally for Privileged Password Management, and now focuses on security strategy both internally and externally. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.