Email regarding compromised App data
#33
Join Date: Aug 2014
Location: YQB
Programs: AC SE
Posts: 2,139
Aeroplan.com is completely down now.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
#35
Suspended
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
More fun
Got the email I posted just above and also a prompt in the app to reset PWD. So I click to do that and it takes me to this main AC page.
I click the link in the email, I get another email with the PWD reset link and bonus !!!, It also takes me to the main AC page.
Can I laugh now?
Got the email I posted just above and also a prompt in the app to reset PWD. So I click to do that and it takes me to this main AC page.
I click the link in the email, I get another email with the PWD reset link and bonus !!!, It also takes me to the main AC page.
Can I laugh now?
#36
Join Date: Jul 2017
Programs: AC SE100K
Posts: 12
I'm curious what the ultimate risk was of someone else logging into our accounts? It seems like if any AC service had to be breached, we'd want it to be the one that gives people almost zero control over the accounts. This and other technical hassles I've had with AC in the past don't give me much faith about the company handling all things Aeroplan. I can see it now...
#38
Suspended
Join Date: Sep 2014
Programs: AC SE100K-1MM, NH, DL, AA, BA, Global Entry/Nexus, APEC..
Posts: 18,877
For fun, I clicked both of the links in the first AC email about resetting PWD
"You can reset your password by following the prompts when you next log‑in to your Air Canada mobile App, or you may reset your password now or you may also go to https://services.aircanada.com/portal-web/mobile/profile?action=resetpwd&locale=en"
RESULT:
Error 500: SRVE0207E: Uncaught initialization exception thrown by servlet
"You can reset your password by following the prompts when you next log‑in to your Air Canada mobile App, or you may reset your password now or you may also go to https://services.aircanada.com/portal-web/mobile/profile?action=resetpwd&locale=en"
RESULT:
Error 500: SRVE0207E: Uncaught initialization exception thrown by servlet
#39
Join Date: Mar 2014
Location: YVR
Programs: AC E75K, WJ Gold, NEXUS, Marriott Gold
Posts: 316
I'm less concerned about the app password itself (I use all different ones) but I don't remember if my Canadian Passport # or NEXUS and birthdate was stored in there or not...
#40
Join Date: Jan 2015
Location: YQB
Programs: AC SE100K-1MM, Bonvoy Gold, HHonors Diamond, VIA Premier, NEXUS/GE
Posts: 816
It took a while but I was successful at changing my password (can't remember which link, the one in the app or in the email). I received an email confirming that my password was changed. I thought I was all set.
However, when I use the app, I get the same message about being unable to login and to reset my password
However, when I use the app, I get the same message about being unable to login and to reset my password
#41
Suspended
Join Date: Nov 2007
Location: YVR
Programs: Air Canada Super Elite 2+ Million Miles
Posts: 2,478
and why did it take 5 days to advise?
Did AC notice right away and tried to keep this quiet, but found scope too big?
Did AC NOT notice and were asleep at the switch?
As my notice says NOT AFFECTED, I do NOT have standing to complain, but for those of you who have received notice that your affected, may I suggest you make a complaint to the Privacy Commissioner of Canada.
https://www.priv.gc.ca/en/for-individuals/
And let's hang on as just because AC says only 20,000 accounts affected, who knows once this gets more scrutiny.
Did AC notice right away and tried to keep this quiet, but found scope too big?
Did AC NOT notice and were asleep at the switch?
As my notice says NOT AFFECTED, I do NOT have standing to complain, but for those of you who have received notice that your affected, may I suggest you make a complaint to the Privacy Commissioner of Canada.
https://www.priv.gc.ca/en/for-individuals/
And let's hang on as just because AC says only 20,000 accounts affected, who knows once this gets more scrutiny.
#42
Join Date: Sep 2014
Programs: AC SEMM
Posts: 1,379
It took a while but I was successful at changing my password (can't remember which link, the one in the app or in the email). I received an email confirming that my password was changed. I thought I was all set.
However, when I use the app, I get the same message about being unable to login and to reset my password
However, when I use the app, I get the same message about being unable to login and to reset my password
#43
Join Date: Jan 2015
Location: YQB
Programs: AC SE100K-1MM, Bonvoy Gold, HHonors Diamond, VIA Premier, NEXUS/GE
Posts: 816
I was able to login into mobile+ and activate the touch ID using the new password. But I still get asked to change it!
I have no idea what is going on but I won't change anything anymore for the time being.
#45
FlyerTalk Evangelist
Join Date: Jun 2003
Location: YYC
Posts: 23,804
So is the CIO going to lose her head, as she should? Or who else will they identify as a scapegoat?
Or in their mind is this a normal thing to happen?
I would suggest affected people look at class action. These things are *NOT* supposed to happen, period.
Or in their mind is this a normal thing to happen?
I would suggest affected people look at class action. These things are *NOT* supposed to happen, period.