Several Air New Zealand customers were locked out of their accounts after Air New Zealand acted upon a data breach the airline recently suffered. According to a report by the news website Stuff, the New Zealand airlines took action against a cyber breach several that was a result of credential stuffing, where scammers gain access to login credentials from a system and use them to access accounts in other sources or systems.
As per reports, it is being speculated that the hackers got emails and passwords from another source which they used to hack the accounts of Air New Zealand customers.
Nikhil Ravishankar, the Chief Digital Officer of Air NZ, clarified that the data breach of its customers did not occur due to a breach of its security systems. However, it was initiated after hacking individual accounts, which were further abused to target connected accounts, thereby increasing its number. It impacted a small number of its customers.
He also stated that there was no evidence of fraudulent transactions owing to those accounts or any sensitive information accessed by hackers.
What Air New Zealand did after learning of the data breach?
After finding out about the data breach of its customers, Air New Zealand promptly locked the impacted accounts. The company alerted the impacted individuals to have them watch their systems and other accounts for any suspicious activity. They were asked to change their login details using the Airpoints system again.
The success of credential-stuffing attacks also depends on users who have not changed their passwords or have reused their login credentials in other accounts. Changing passwords and keeping unique passwords for every account is a wise step to keep credential stuffing attacks from working.
“This is a common problem where people use the same email address and password for more than one online login and do not update their passwords regularly or utilize features such as multi-factor authentication, Ravishankar told the news website while addressing the issue.
He also urged users to be naturally suspicious of calls and emails they get. He concluded by saying that a single hacking incident works as a doorway into organizations making it easier for hackers to expand their reach.