A Flyertalk user known by the handle “passmethesickbag” took to the forum to report what may be the first recorded case of a victim having personal information used for nefarious purposes in the wake of this summer’s data hack of British Airways. The passenger says secure login credentials from the BA website were offered as proof that blackmailers had access to supposedly private information.
A Flyertalk user warns that the consequences of this summer’s data hack at British Airways are already beginning to be felt by the affected passengers. A member by the handle “passmethesickbag” took to the forum to report a blackmail scheme involving threats to expose supposed, and in this case apparently fictional, online transgressions to friends, business associates and family members.
The extortion message offered the Flyertalker’s British Airways password as proof that the blackmailer had access to the victim’s private details.
Passmethesickbag, a FT member since 2003, shared the extortion bid sent by email:
“I do know [REDACTED PASSWORD] one of your pass word. Lets get straight to the purpose. You may not know me and you’re probably wondering why you are getting this e mail? No person has paid me to investigate about you.
In fact, I actually placed a software on the 18+ streaming (pornographic material) web site and do you know what, you visited this site to experience fun (you know what I mean). While you were viewing video clips, your internet browser started out functioning as a Remote Desktop that has a key logger which provided me with accessibility to your screen and web camera. Immediately after that, my software program collected all of your contacts from your Messenger, social networks, as well as e-mail account. And then I created a double-screen video. First part shows the video you were watching (you’ve got a good taste hahah), and 2nd part displays the recording of your cam, & its you.
You get two possibilities. Lets explore these options in details:
1st solution is to just ignore this e mail. As a consequence, I am going to send out your recorded material to almost all of your contacts and just consider regarding the humiliation you experience. Not to forget in case you are in an important relationship, precisely how it would affect?
Latter choice would be to compensate me $1000. We will describe it as a donation. In this case, I will instantaneously discard your videotape. You could keep on your way of life like this never happened and you surely will never hear back again from me.
You’ll make the payment via Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).
BTC Address to send to: [REDACTED]
[CASE sensitive copy and paste it]
“The subject line was my actual BA.com password,” wrote passmethesickbag, who was among the victims of the British Airways data breach which took place between August 21st and September 5th of this year, compromising the personal information of as many as 380,000 British Airways passengers. While the FT member dismissed the email as “a hoax,” passmethesickbag noted that the attempted blackmail confirmed earlier suspicions that at least some of the personal details obtained from the BA breach have already been sold on the dark web. According to the thread posted on Thursday, an earlier September 7th e-mail to the airline’s data protection officer was never acknowledged.
According to Krebs on Security, the extortion demands sent by e-mail appear to be part of a phishing scam that has been making the rounds for more than a year (pre-dating the BA hack). Both the FBI and the National Crime Agency in the U.K. report that in most instances so far, however, the “blackmailers” have used stolen passwords that were compromised more than a decade earlier.
British Airways has not yet responded to a request for comment, but in the immediate aftermath of the cyber attacks, British Airways Chief Executive promised the carrier would be available to customers affected by the cyber attack.
“We are committed to working with any customer who may have been financially affected by this attack, and we will compensate them for any financial hardship that they may have suffered,” the airline executive said during an apology tour earlier this month. “We’re extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app.”
Attempts to contact passmethesickbag directly have so far been unsuccessful, but the story continues to develop in the forum. A handful of other FT members have since stepped forward, using the thread to share how the British Airways cyber attack has impacted their lives as well.