Email regarding compromised App data
#61
Join Date: Sep 2009
Location: YYZ
Programs: AC SE MM, Bonvoy Plat, Hilton G,Nexus, Amex MR Plat,IHG Plat
Posts: 4,422
#62
Join Date: Mar 2014
Location: YVR
Programs: AC E75K, WJ Gold, NEXUS, Marriott Gold
Posts: 316
I still can't believe AE passwords have these restrictions (the 2 I've bolded are ridiculous) -
- Must be between 6 and 10 characters
- Must contain at least 1 letter and 1 number
- Cannot contain special characters
#63
Join Date: Mar 2010
Location: Canada
Programs: *G
Posts: 2,304
Although I have the App on my iPhone, I don't think I ever filled in any personal information, so I have not received any emails from AC, and when I accessed the App, it only wanted me to update (which I did) and nary a mention of changing passwords etc. It seems to be working as it always did for me - I enter flights if I need to, although just now there are notices about its being slow due to demand. But it also keeps asking me if I still want to fly to that last destination I researched.
#65
Join Date: Jan 2015
Location: YHZ
Programs: AC 75K
Posts: 50
Finally got my password changed using the emailed link, but the new version of the app crashes almost immediately on my iPhone and iPad, so I can't use it anyway. Of course, I'm flying today so the timing is perfect.
#66
Join Date: Jun 2016
Location: ORD
Programs: AC 50K, Bonvoy Tit, UA Silver
Posts: 246
#67
Join Date: Jan 2017
Location: Halifax
Programs: AC SE100K, Marriott Lifetime Platinum Elite. NEXUS
Posts: 4,568
I'm kinda surprised the app stores passport and nexus information. If it does, then why do I need to type it in every time like a savage?
(they tell me I was one of the lucky 20k)
#68
Join Date: Mar 2017
Location: Toronto
Programs: DL Silver, AC E75K, Chatime Elite
Posts: 339
I got the email as well, but during that timeframe, had no flights booked and never did validate my app password or profile. I didn't enter any Nexus information for my flight that week, so hopefully I'm somewhat safe.
#69
A FlyerTalk Posting Legend
Join Date: Sep 2012
Location: SFO
Programs: AC SE MM, BA Gold, SQ Silver, Bonvoy Tit LTG, Hyatt Glob, HH Diamond
Posts: 44,323
Also I would like to formally retract an earlier statement I made about the Aeroplan transition. Previously I mentioned that if the people who built the AC Flight Pass app had a crack at building Altitude there was a chance the rollout would be smooth. However, given this event and my (possibly correct?) understanding that the Mobile authentication was built by the same team as the flight pass group, it seems like I was premature in my judgement.
Safe Travels,
James
It shouldn't matter if you added information to a booking, only if you added it to your Mobile+ profile.
#70
Join Date: Oct 2006
Programs: Aeroplan E75K
Posts: 49
These are Air Canada mobile+ password restrictions - not Aeroplan.
#71
Original Poster
Join Date: Jan 2012
Location: YYZ
Posts: 68
Does anyone know if existing reservation info would have been compromised? As one of the 20,000 "lucky" ones, it's concerning if PNR information was accessed, as usually all one needs to make changes or cancel flights is the PNR and name, and we already know they accessed name information. I'm unsure as to whether they actually logged in to people's app accounts and accessed all information there or if they just accessed a database of information related to the app or were just looking to harvest personal info.
Air Canada have not specified flight details as being compromised but at this point I have almost no faith in anything Air Canada says. The fact that this started on the 22nd and was still going on the 24th before they apparently noticed is troubling to say the least.
I wish 2 factor authentication would become standard for anything that stores personal information.
#72
Join Date: Dec 2011
Posts: 2,237
I was able to finally change password using iPad, to AC website link to change Mobile + passwords.
I had 2 Mobile + IDs, one for work phone, one for personal.
Requested, got email link, used email link, got to Mobile + site, changed both passwords.
After that I logged back in and deleted both accounts (option on Mobile + site) along with all CC information.
I was unable to do it using app links, but strangely on iPad browser could get it done.
I have set up a new Mobile + account, using one of my email aliases and personal mobile phone, but not able to link / Aeroplan account to it. Comes up with possible password issues, do you want to reset, again, I don't think I will do that since I can log in to both AC and Aeroplan using my Aeroplan # and password.
PS was able to link Aeroplan #, then logged out. Can't log in again due to traffic.
Last edited by xLuther; Aug 29, 2018 at 12:03 pm
#73
Join Date: Jan 2017
Location: Halifax
Programs: AC SE100K, Marriott Lifetime Platinum Elite. NEXUS
Posts: 4,568
I know the app wouldn't store it (or, don't care about the distinction. It should be stored on the device, too). But this feature apparently has zero discoverability. Can I get a "save details" checkbox please?
#74
Join Date: Apr 2011
Location: YYC
Programs: AC SE 1MM, Marriott Ambassador
Posts: 3,397
Note you can also add this information directly in the FP through AC.com.
But even if you don't fill in the information on AC.com, if you have the information entered in the FP app, you are good to go and don't need to fill it in when making a booking.
#75
Join Date: Dec 2011
Posts: 2,237
You have it backwards: Aeroplan/AC website only allows simple passwords, letters/numbers, NO special characters, logging in using Aeroplan numbers.
From Aeroplan site
- Must be between 6 and 10 characters
- Must contain at least 1 letter and 1 number
- Cannot contain special characters
- Cannot be easy to guess
AC Mobile+ requires complex: special characters, numbers, letters.
Lord knows done it enough times today.