Firemin

Sitting eating dinner when my phone suddenly goes crazy... over a hundred new emails in a minute to my personal email account. I have a quick scan through and see a BA Booking email. Quickly log on to my executive club account... 2 avios bookings for Langham hotel in Hong Kong, total ~150,000 avios. Booking made from someone in China!

Quickly changed BAEC password and phoned up the gold line to inform them and get my account locked, then spent the last hour checking all my other financial accounts that use that same email address... thankfully only BAEC seems to be affected.

It appears that whoever hacked it tried to hide the booking confirmation emails using spam bombing (I have had maybe 2000 emails over the last hour, mostly from wordpress@ .... .com), which thankfully alerted me to the hack. Problem is it has completely crippled my email for now!!

Not sure how they got my password, the only thing I can think of was that I was at Shanghai airport yesterday and logged onto the BA app on my phone whilst connected to the free airport wifi!!!

In the meantime, anyone IT literate got any suggestions on how to deal with this constant spamming.....

flyingmonkie

Sorry to hear that, it sucks being the victim of such an attack.

The spam you will just have to live with for the short term. Moving forwards I would suggest a VPN (you can get Freedome which is what I use for very little money) although I'm not sure that would help you in China as VPNs are being blocked by the government.

I would also suggest getting a password manager such as LastPass (again, the one I use) and making sure every password is unique and 14 characters long.

Finally, enable Two Factor wherever you can. Not available for ba.com but make sure you have it on on your email etc.

Flying Monkie

hypercrypt

If there is a pattern to the emails you may be able to add a filter (such as block all emails from email addresses that are "wordpress@...").

corporate-wage-slave

Thanks for the useful reminder that there are bad guys out there. I would also call the Langham and ensure they also have blocked the reservation.

Was your password unique to BA, or was it shared with other login websites?

FlyerTalker7654

Out of interest, how does a password manager help in this situation? Isn't it a case that the op was on the airport WiFi and the person hacked into the op's account...how would a password manager prevent the initial hack?

flyingmonkie

It wouldn't but it would make sure that every website has a unique password and so a hack of one does not equal a hack for all.

MSPeconomist

I'm surprised that the hacker didn't try to change the email address on your BA account. That seems to be a common ploy, although good practice is to send a notice of the email change to the old email address, which you then (hopefully) would have noticed.

Firemin

Thanks for the replies.

I have set up a rule to automatically delete any email with Wordpress in the sender line, which seems to have stopped most of them. They seem to be using a bot to sign my email address up to loads of websites/mailing lists!

Luckily my BA password is not the same as my other accounts, or my email address, but have just changed them all to be safe anyway.

I have IPVanish vpn app on my phone, but is has trouble connecting in China so didn't bother using it! Oh well, live and learn!

Firemin

I'm half tempted to go to the hotel on the date of the reservation and meet with Mr Zhang Li and give him a thump!

corporate-wage-slave

Indeed, which is why the hacker sends 2,000 random emails to bury that crucial BAEC email. However it wouldn't surprise me that BA's IT slowed down the hacker for our valiant OP to intervene. I presume what happened here wasn't so much a hack of BA.com but a takeover of the BA App access on an emulator. Something rather common in that neck of the woods unfortunately.

icegirl

I would change your password first and speak to your your IT department ASAP to ensure your devices are not infected with any mal or spyware.


A few tips to prevent hacking in the future:

Never connect to any kind of public WIFI unless it is secured and protected.

Make sure your phone/laptop/tablet is upto date with all latest virus protection and security updates.

Never use public computers to logon to any accounts such as those in lounges or public spaces.

When creating passwords make them long and which uses a combination of upper, lower and special characters.

Hope this helps!

corporate-wage-slave

Well Mr Zhang has very good taste in hotel selection I must say. Not that we should be encouraging violence on this venerable website, the children may be reading this, even so......

[More boringly, what these hackers often do is sell the hotel reservation on to someone else, so whoever turns up at the hotel may well be someone naive enough to believe in a price that is too good to be true, but not necessarily a criminal].

Jimmie76

I have a spare tablet (that I bought second hand) for browsing at airports etc. don't do anything on there that I would be worried about being compromised. Once I had questions at security about carrying two tablets but the explanation was sufficient.

dougzz

Doesn't long passwords only protect against brute force attacks?

Regardless of whether Wi-Fi is open or protected, if you visit only https sites then isn't the data secured between your device and the website? Does for example the BA app use a secure data connection method?

johnspenceruk

There seems to be a bit confusion here regarding safety of public WiFi networks.

They are absolutely safe for accessing sites or running apps on your own device.

An app like the BA one (or a banking app, or email client, etc.) would not send passwords in plaintext. Any API calls would be over an SSL connection and the API calls would follow something like OAuth2 standard, such as using bearer token authentication. I doubt OP's issues are due to him using the app over public wifi.