British Airways, mSpy & Rainbow Six

For a while last week we thought there wouldn’t be any major news regarding user data breaches and theft, and that we could focus on positive news from our participation at GSMA’s Mobile 360 Series conference in Bangkok.

And then British Airways happened, so our own story will be pushed back a bit. We are leading with what is a big breach, even though there is no talk of millions of users being impacted.

British Airways has a big problem

Last week news broke that British Airways customer data was stolen, with around 380,000 passengers affected. The number does not sound too high, given the many previous breaches at other companies in which millions of users were impacted. But in this instance, the biggest problem is which data was accessed by the thieves.

According to their statement, travel or passport data were not stolen, but personal and financial details of customers making bookings on their website and app were compromised. This includes only bookings made during August 21 – September 5, so if you were using their services before or after these dates, you should be safe.

The financial portion of the data is the most sensitive in this case. This includes payment card details, which could potentially be used by thieves to steal money from the individuals whose data was stolen.

And although BA will compensate affected customers, the issue remains: how user data is protected…

Spying on spies

There is something cathartic in finding out that an app which enables people to spy on Android and iPhone users has suffered a data breach. Now the data of these wannabe spies has been taken by hackers.

Customer data taken in the case of the mSpy app includes passwords, call logs, text messages, contacts, notes, and location data. The exposed database also contained other sensitive data, like iCloud usernames and authentication tokens of mobile devices using mSpy, and iCloud backup files. Transaction details of mSpy license purchases made in the last six months were also exposed, including the name of the buyer, email address, mailing address, and amount paid.

Although having a better and safer user authentication solution wouldn’t help much in this case, it’s important to note that users need to think about which data they give to different companies and how that data is handled.

Rainbow Six promotes 2FA

Not everything is grim in this week’s roundup. Great news is coming from game developer Ubisoft. They decided to motivate players of their Rainbow Six Siege game by offering them an exclusive skin for free if they enable two-factor authentication using Google’s Authenticator app.

This is a good step in the right direction, especially since they are relying on a known third-party app instead of opting for the lower security of SMS-based 2FA, which can be easily defeated through SIM hijacking.

Insecure work emails are a cause for concern

Findings from a survey by Switchfast show a need for great concern regarding user authentication in corporate environments.

The key number shows that 76% of employees do not use multi-factor authentication to access their work emails. This is not a big issue when you are at the office, in a usually secure environment. But when nearly half (44%) use public Wi-Fi networks for work purposes, the issue appears in a completely new light.

And although one might dismiss a work email breach as something of low concern, it can lead to access to other company-related data, and eventually to a much bigger breach than accessing the emails of a single employee. And if you know that 60% of small businesses that experience a data breach go out of business within six months, this becomes a big issue to think about in advance.
Better safe than sorry!