Originally Posted by
armouredant
Very interesting! A key point is that it appears the hackers had access to the BA servers (not a 3rd party server) long before the attack and they had a substantial level of access. What else were they were able to do/view???
"While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact they likely had access long before the attack even started is a stark reminder about the vulnerability of web-facing assets" Bolding mine.
This brings up a whole set of new concerns.