vernonc

Also Pets+US pet insurance. Hacked two weeks back and includes Canadian customers.

trek604

I still can't believe AE passwords have these restrictions (the 2 I've bolded are ridiculous) -

• Must be between 6 and 10 characters
• Must contain at least 1 letter and 1 number
• Cannot contain special characters

fin 645

Although I have the App on my iPhone, I don't think I ever filled in any personal information, so I have not received any emails from AC, and when I accessed the App, it only wanted me to update (which I did) and nary a mention of changing passwords etc. It's seems to be working as it always did for me - I enter flights if I need to, although just now there are notices about it's being slow due to demand. But it also keeps asking me if I still want to fly to that last destination I researched.

majik

One of the unlucky ones. Now what should I ask for compensation? Credit monitoring? 50k miles? Or status upgrade for the year? FT please help me decide

allizdog

lewis_m

You forgot the part where it is not case sensitive!

RangerNS

I'm kinda surprised the app stores passport and nexus information. If it does, then why do I need to type it in every time like a savage?

(they tell me I was one of the lucky 20k)

TTC192Rocket

I got the email as well, but during that timeframe, had no flights booked and never did validate my app password or profile. I didn't enter any Nexus information for my flight that week, so hopefully I'm somewhat safe.

canadiancow

No, the Mobile+ stuff far pre-dates AC's efforts to bring things in-house. The FP app uses Mobile+ authentication, but it was not written by the same people.

The "app" doesn't store it. But you can store it in your Mobile+ profile. This will pre-fill fields when you use the app. It won't help with web bookings. If you didn't store it in your profile, then it's not part of this breach.

It shouldn't matter if you added information to a booking, only if you added it to your Mobile+ profile.

YUL-Insider

These are Air Canada mobile+ password restrictions - not Aeroplan.

atco

Does anyone know if existing reservation info would have been compromised? As one of the 20,000 "lucky" ones its concerning if PNR information was accessed as usually all one needs to make changes or cancel flights is the PNR and name, and we already know they accessed name information. I'm unsure as to whether they actually logged in to people's app accounts and accessed all information there or if they just accessed a database of information related to the app or were just looking to harvest personal info.
Air Canada have not specified flight details as being compromised but at this point I have almost no faith in anything Air Canada says. The fact that this started on the 22nd and was still going on the 24th before they apparently noticed is troubling to say the least.

I wish 2 factor authentication would become standard for anything that stores personal information.

xLuther

I was able to finally change password using iPad, to AC website link to to change Mobile + passwords

I had 2 mobile + id's one for work phone, one for personal.

requested, got email link, used email link got to Mobile + site, changed both passwords,

After that I logged back in and deleted both accounts ( option on Mobile + site) along with all CC information.

I was unable to do using app links, but strangely on iPad browser could get it done

I have setup new Mobile + account, using one of my email alias and personal mobile phone, but not able to link / Aeroplan account to it. comes up with possible password issues, do you wan to reset , again, I don't think i will do that since I can log in to both AC and Aeroplan using my Aeroplan # and password.


PS was able to link Aeroplan #, then logged out. Can't log in again due to traffic

RangerNS

I know the app wouldn't store it (or, don't care about the distinction. It should be stored on the device, too). But this feature apparently has zero discoverability. Can I get a "save details" checkbox please?

ridefar

You don't. Assuming you book the flight with the FP app, and check-in with the AC app, you don't.

Note you can also add this information directly in the FP through AC.com.

But even if you don't fill in the information on AC.com, if you have the information entered in the FP app, you are good to go and don't need to fill it in when making a booking.

xLuther

you have backwards, Aeroplan/AC website only allows simple passwords letters/numbers NO special characters logging in using Aeroplan numbers

From Aeroplan site

• Must be between 6 and 10 characters
• Must contain at least 1 letter and 1 number
• Cannot contain special characters
• Cannot be easy to guess

AC Mobile+ requires complex, special characters, numbers, letters

Lord knows done it enough times today ,