0 min left

Flyertalker Says He’s Being Extorted Following the British Airways Leak

Hacker in the action on his laptop computer

A Flyertalk user known by the handle “passmethesickbag” took to the forum to report what may be the first recorded case of a victim having personal information used for nefarious purposes in the wake of this summer’s data hack of British Airways. The passenger says secure login credentials from the BA website were offered as proof that blackmailers had access to supposedly private information.

A Flyertalk user warns that the consequences of this summer’s data hack at British Airways are already beginning to be felt by the affected passengers. A member by the handle “passmethesickbag” took to the forum to report a blackmail scheme involving threats to expose supposed, and in this case apparently fictional, online transgressions to friends, business associates and family members.

The extortion message offered the Flyertalker’s British Airways password as proof that the blackmailer had access to the victim’s private details.

Passmethesickbag, a FT member since 2003, shared the extortion bid sent by email:

“I do know [REDACTED PASSWORD] one of your pass word. Lets get straight to the purpose. You may not know me and you’re probably wondering why you are getting this e mail? No person has paid me to investigate about you.

In fact, I actually placed a software on the 18+ streaming (pornographic material) web site and do you know what, you visited this site to experience fun (you know what I mean). While you were viewing video clips, your internet browser started out functioning as a Remote Desktop that has a key logger which provided me with accessibility to your screen and web camera. Immediately after that, my software program collected all of your contacts from your Messenger, social networks, as well as e-mail account. And then I created a double-screen video. First part shows the video you were watching (you’ve got a good taste hahah), and 2nd part displays the recording of your cam, & its you.

You get two possibilities. Lets explore these options in details:

1st solution is to just ignore this e mail. As a consequence, I am going to send out your recorded material to almost all of your contacts and just consider regarding the humiliation you experience. Not to forget in case you are in an important relationship, precisely how it would affect?

Latter choice would be to compensate me $1000. We will describe it as a donation. In this case, I will instantaneously discard your videotape. You could keep on your way of life like this never happened and you surely will never hear back again from me.

You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

BTC Address to send to: [REDACTED]

[CASE sensitive copy and paste it]

“The subject line was my actual BA.com password,” wrote passmethesickbag, who was among the victims of the British Airways data breach which took place between August 21st and September 5th of this year, compromising the personal information of as many as 380,000 British Airways passengers. While the FT member dismissed the email as “a hoax,” passmethesickbag noted that the attempted blackmail confirmed earlier suspicions that at least some of the personal details obtained from the BA breach have already been sold on the dark web. According to the thread posted on Thursday, an earlier September 7th e-mail to the airline’s data protection officer was never acknowledged.

According to Krebs on Security, the extortion demands sent by e-mail appear to be part of a phishing scam that has been making the rounds for more than a year (pre-dating the BA hack). Both the FBI and the National Crime Agency in the U.K. report that in most instances so far, however, the “blackmailers” have used stolen passwords that were compromised more than a decade earlier.

British Airways has not yet responded to a request for comment, but in the immediate aftermath of the cyber attacks, British Airways Chief Executive promised the carrier would be available to customers affected by the cyber attack.

“We are committed to working with any customer who may have been financially affected by this attack, and we will compensate them for any financial hardship that they may have suffered,” the airline executive said during an apology tour earlier this month.  “We’re extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app.”

Attempts to contact passmethesickbag directly have so far been unsuccessful, but the story continues to develop in the forum.  A handful of other FT members have since stepped forward, using the thread to share how the British Airways cyber attack has impacted their lives as well.

Comments are Closed.
6 Comments
F
fredc84 September 29, 2018

I got the same email for the bargain price of only $700 to not spill my illicit details. The password they showed was one I use mostly for shopping sites (not CC, investment, or money accoints)...but I also used it on BA (tho not any more).

D
divrdrew September 28, 2018

I have been receiving the same emails but not sure where the password came from. It is a password that is over 10 years old and I only used it on a couple sites. This is a well known scam. Mine are requesting $3000 or $5000. I've been reporting the attempted extortion to the FBI IC3 unit. Doubt it will do anything, but who knows. Just google "porn extortion email" and you'll get lots of information on this. The reality is they don't have your contacts and don't have a 'pixel' in an email to verify that it was read. That's all bs.

J
jonsg September 28, 2018

I've received this exact extortion demand on my LinkedIn email address (an address I used _only_ for LI). This might not be BA-related.

D
dexysmidnightrunner September 28, 2018

I received an almost identical email. Just that my price tag is $3000. This might be for business class customers.

B
BobFF68 September 28, 2018

Such kind of Extortion mails with exactly same request and content are circulating widely since the last 2 or 3 months, I also got one some weeks ago long before the BA IT issue (I also do not have any BA account), I do not think there isn't a direct relation with it. The postal division of Italian police issued a specific warning about this issue, inviting to keep clam, just change your relevant passwords and discard the email, do not reply. Those behind all this just grabbed some data from previous breaches and trying their best, being sure that someone panicking will pay, while actually they have nothing real in their hands.