Airlines credit card details exposed
There's a credit card vulnerability called 'CardCrypt', and it has affected 16 companies including EasyJet, Aer Lingus, AirAsia, and more. This has revealed customer credit card details, thanks to internet baddies intercepting the data when people sent their details via apps.
It looks like up to 500,000 have been affected by this flaw, when they were booking flights, or upgrading.
The data sent via an unencrypted connection does include sensitive info, that could well be used in scams, stealing identities, and making off with your money. The firm who found the flaw, Wandera, said that complete credit card details, CVV security codes, customer names, full addresses, transaction amounts and contact details, are at risk.
Wandera said this information was exposed because companies haven't been using the https secure protocol: "We believe there are two likely reasons why HTTPS has not been used, everywhere at all times. It could be a flaw in the coding, or it could be a case of relying on inadequate third party services or libraries. Either way, it’s astounding to me that these companies have failed to exercise sufficient care in the collection of their customers’ personal data."
"The most alarming thing is that it is very likely that there are plenty of other brands who have made the same mistakes. With lots of people booking journeys to go home for the Christmas holidays, it is worrying how much sensitive data could be put at risk."