
And so it begins — blackmail attempt following BA data theft

Old Sep 28, 2018, 3:43 am
  #61  
 
Join Date: Sep 2015
Programs: LH SEN; BA Gold
Posts: 8,405
Originally Posted by PUCCI GALORE
...He did and although he had to go to a technician to get his PC sorted, it was cheaper than the ransom demanded.
Well, the cheap solution (and probably the best solution) is to remove all data from the hard drives and restart from zero. It will help if you have an unaffected back-up of data.

OT: Always back up your data. Last year alone, three colleagues had technical problems that ended with losing all of their data. One was an HDD failure (that the person in question should've seen coming given the noise the HDD was making) whereas the other two had sudden SSD failures. Neither of them had a backup of their data. I thought it to be especially frustrating given that all three computers had macOS operating on them, which is particularly user-friendly when it comes to setting up automatic back-ups and managing back-ups.
WorldLux is offline  
Old Sep 28, 2018, 3:45 am
  #62  
 
Join Date: Oct 2006
Location: London
Programs: Many. Too many. I came here to cut them down. I failed.
Posts: 2,999
To the original poster - not doubting - but genuinely wondering how you can manage to have a unique password (I assume) for each log in you have. I assume that your BA Exec Club is merely 1 of 20+ unique passwords you must have. You definitely don't replicate your password - and have never used the same password for anything? Ocado, VS Flying Club etc etc?

Originally Posted by dougzz
I think these things can be unsettling, but would advise doing nothing other than getting a password manager. I don’t work for a software company so have no financial interest here. I chose 1Password and I definitely recommend it, although I’m sure there are many other excellent ones. You start to use complex passwords, no repeats or part repeats, and far less typing.
Thanks I was going to ask for recommendations. I almost would prefer that BA would have given us a 1Password account rather than the Equifax thingy.
Sam Bee is offline  
Old Sep 28, 2018, 4:04 am
  #63  
dsf
 
Join Date: May 2006
Location: Godalming, Surrey, UK.
Programs: Nowt of note.
Posts: 1,628
Originally Posted by Sam Bee
To the original poster - not doubting - but genuinely wondering how you can manage to have a unique password (I assume) for each log in you have. I assume that your BA Exec Club is merely 1 of 20+ unique passwords you must have. You definitely don't replicate your password - and have never used the same password for anything? Ocado, VS Flying Club etc etc?
Before migrating to a mixture of iCloud and LastPass, for 15 or so years I had a suite of base passwords in my head and a formula by which I would tailor them to any given site/app/etc. For illustration purposes only: say I had a base password of "fooBARquux" and I was signing up to flyertalk.com, I would use something like "flfooBARquuxlk" (i.e. surround the base with the leading and trailing 2 characters of the domain). Imperfect and can obviously still lead to duplicates without some diligence, but that's part of the reason I varied among a set rather than settled on one.
dsf is offline  
Old Sep 28, 2018, 4:10 am
  #64  
FlyerTalk Evangelist
 
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,145
Originally Posted by dsf
... For illustration purposes only: say I had a base password of "fooBARquux" and I was signing up to flyertalk.com, I would use something like "flfooBARquuxlk" (i.e. surround the base with the leading and trailing 2 characters of the domain). Imperfect and can obviously still lead to duplicates without some diligence, but that's part of the reason I varied among a set rather than settled on one.
Interesting - that's the sort of solution I was thinking about. A base pw and then a domain identifier.

The thing that kills me is that many sites have conflicting requirements. Some insist on special characters, others say 'no special characters'. Same with numbers and uppercase. Difficult to self-generate a memorable set of pws that meet the variable criteria.
T8191 is offline  
Old Sep 28, 2018, 4:28 am
  #65  
 
Join Date: Jun 2008
Location: London
Programs: AAdvantage, and BAEC in name only
Posts: 802
Originally Posted by T8191
Interesting - that's the sort of solution I was thinking about. A base pw and then a domain identifier.

The thing that kills me is that many sites have conflicting requirements. Some insist on special characters, others say 'no special characters'. Same with numbers and uppercase. Difficult to self-generate a memorable set of pws that meet the variable criteria.
It just struck me looking at your trip report list/signature that some combination of FTers' trip details might work, be memorable, but random, i.e. if I was doing a TP run to Helsinki next month it could be 121018jerlhrhel

Or possibly not.
T8191 likes this.
LSunbury is online now  
Old Sep 28, 2018, 4:38 am
  #66  
 
Join Date: Aug 2017
Programs: BAEC
Posts: 460
The password of mine that I found on haveibeenpwned.com/Passwords was definitely only ever used for BA.COM. It was also, as far as I can recall, only used on secure networks either on our home PC (very well secured as used for business) or at client sites where we would expect the same. Of course, it's possible that a client site had a breach or that I used it in a lounge some time on the public WiFi but I doubt it.
I'll give BA a tentative benefit of the doubt for this one but my mistrust and that of many others on here has been well deserved.

What I don't see anyone mentioning, and forgive me if I've missed it, is the human misery caused by all of these scams. Yes, we are a sophisticated bunch on here and know what is what, but these things continue because vulnerable people fall for them and I see very little progress towards being able to stop these criminals in their tracks.
Ladyfliestheredwhiteandblues is offline  
Old Sep 28, 2018, 5:17 am
  #67  
FlyerTalk Evangelist
 
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 32,145
hmmm ... a couple of well-pwned passwords. I can see a busy weekend trying to reassign new stuff I can actually remember!
T8191 is offline  
Old Sep 28, 2018, 5:38 am
  #68  
 
Join Date: Jun 2010
Location: London
Programs: Mucci Blue, BAEC Gold, Blockbuster Video card
Posts: 1,378
Originally Posted by dsf
Before migrating to a mixture of iCloud and LastPass, for 15 or so years I had a suite of base passwords in my head and a formula by which I would tailor them to any given site/app/etc. For illustration purposes only: say I had a base password of "fooBARquux" and I was signing up to flyertalk.com, I would use something like "flfooBARquuxlk" (i.e. surround the base with the leading and trailing 2 characters of the domain). Imperfect and can obviously still lead to duplicates without some diligence, but that's part of the reason I varied among a set rather than settled on one.
I actually quite like that fwiw. As the biggest issue I see is reuse of the same password across multiple sites, with varying levels of protection against baddies.

It, when combined with the idea of using throwaways for really public stuff (wifi hotspots etc), seems quite a good demonstration of Pareto's law. 80% of the gain in the first 20% of the work.
Pascoe is offline  
Old Sep 28, 2018, 5:52 am
  #69  
Original Poster
 
Join Date: Feb 2003
Location: NCL
Programs: UA 1MM/*G. DL Gold for one more year.
Posts: 5,305
Originally Posted by T8191
Passmethesickbag ... are you Windows or Mac? Not sure if that’s even relevant, but my Mac life seems hassle-free.
Mac — since 1989.
Passmethesickbag is offline  
Old Sep 28, 2018, 5:54 am
  #70  
 
Join Date: Apr 2000
Location: uk
Programs: BA Gold, Shangri-La Golden Circle Elite, Hyatt Diamond
Posts: 565
The first email you receive is unsettling and gives you thought - but then like buses, I’m now on the 3rd. Slightly different wording but the same extortion.

I run regular virus scans and use Dashlane now, which was well overdue.

Over the years, Amex card compromised in the US, Natwest card compromised god knows where, new bank account using home address, dodgy iPad order - annoying yes, life debilitating not now. All banks and retailers involved resolved the issues, added to CIFAS twice, impacted by Equifax data breach so free Equifax for year.

I realise it is annoying and for some it’s not easily resolved but for most it’s not the end of the world - and yes, apparently impacted by BA but my banks haven’t demanded I change cards. The biggest issue I had a while ago when I travelled a lot for work, they had to change my customer profile for the card I used the most because it was always triggering alerts and blocks - especially multi country charges on the same day.

Be vigilant
PITBULL1K is online now  
Old Sep 28, 2018, 6:00 am
  #71  
Original Poster
 
Join Date: Feb 2003
Location: NCL
Programs: UA 1MM/*G. DL Gold for one more year.
Posts: 5,305
Originally Posted by muscat
Maybe the OP could tell us how many times (or never) they’ve logged into their BA account via some wifi in an airport, coffee shop, etc.
Of course I have. In airports, mostly via the BA lounge networks. Not in coffee shops, as far as I can recall. For a long time, without anything like this happening until now.
Silver Fox likes this.
Passmethesickbag is offline  
Old Sep 28, 2018, 6:00 am
  #72  
 
Join Date: Jan 2017
Posts: 101
Originally Posted by jdsworld
And of course, if you do pay, they'll ask you for more money again next week. Rather unsurprisingly, blackmailers don't tend to keep to their word to delete things once they receive the money.
Of course BA said no one would be out of pocket because of the breach so maybe he should ask BA if they will pay it directly for him to save him reclaiming it. Same for the almost guaranteed requests following.

Well the victims are not benefiting from the breach and only have to worry what other fraud will be committed on them. Ironic that yet again the scammers are the ones who always seem to benefit from these breaches.
TPloser is offline  
Old Sep 28, 2018, 6:03 am
  #73  
Original Poster
 
Join Date: Feb 2003
Location: NCL
Programs: UA 1MM/*G. DL Gold for one more year.
Posts: 5,305
Originally Posted by JumboJet
I don't understand did you visit the porn site or not?
Nah. Too busy!
Passmethesickbag is offline  
Old Sep 28, 2018, 6:05 am
  #74  
 
Join Date: Sep 2012
Location: Amsterdam, Asia, UK
Programs: IHG RA (Spire), HH Diamond, MR Platinum, SQ Gold, KLM Gold, BAEC Gold
Posts: 5,072
Originally Posted by dsf
Before migrating to a mixture of iCloud and LastPass, for 15 or so years I had a suite of base passwords in my head and a formula by which I would tailor them to any given site/app/etc. For illustration purposes only: say I had a base password of "fooBARquux" and I was signing up to flyertalk.com, I would use something like "flfooBARquuxlk" (i.e. surround the base with the leading and trailing 2 characters of the domain). Imperfect and can obviously still lead to duplicates without some diligence, but that's part of the reason I varied among a set rather than settled on one.
This is almost equivalent to one password everywhere and an ill-advised technique, since once the bad guys have the password for site #1, the bad guys will easily/quickly spot that site's name as leading/trailing extra letters, and amend to access your accts on other sites


Regards checking password in a big list on some website, any/all dictionary words, even if letters swapped for numbers, e.g. a=4 / e= / i=1 / o=0 etc, will be listed and not necessarily obtained from one of your accts.

For best security one needs to use non-alphanumeric characters such as #/@/£/! etc and avoid dictionary words, or a repeated block modified with prefix/suffix characters
scubaccr is offline  
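
Added example, not part of any post in this thread: a self-audit that flags passwords in your own vault export that are one shared base wrapped in site-derived affixes (the formula discussed above), next to a generator for independent per-site passwords that can omit symbols for sites that reject them. The function names, the rule for picking the "site name" label, and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

def affixes(domain, n=2):
    # Assumption: the "site name" is the label just before the TLD (flyertalk.com -> flyertalk).
    parts = domain.lower().split(".")
    name = parts[-2] if len(parts) > 1 else parts[0]
    return name[:n], name[-n:]

def formula_password(base, domain):
    """The formula from the thread: base wrapped in the site's first and last 2 characters."""
    head, tail = affixes(domain)
    return head + base + tail

def core_if_site_derived(password, domain):
    """Return the inner part if the password is wrapped in this site's affixes, else None."""
    head, tail = affixes(domain)
    low = password.lower()
    if len(password) > len(head) + len(tail) and low.startswith(head) and low.endswith(tail):
        return password[len(head):-len(tail)]
    return None

def audit_vault(vault):
    """Map each reused core to the sites sharing it (input: your own domain -> password export)."""
    by_core = defaultdict(list)
    for domain, password in vault.items():
        core = core_if_site_derived(password, domain)
        if core is not None:
            by_core[core].append(domain)
    return {core: sorted(sites) for core, sites in by_core.items() if len(sites) > 1}

def random_password(length=20, symbols=True):
    """Independent per-site password; symbols=False for sites that reject special characters."""
    alphabet = string.ascii_letters + string.digits + ("#@!%-_" if symbols else "")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until lower case, upper case and a digit are all present.
        if any(c.islower() for c in pw) and any(c.isupper() for c in pw) and any(c.isdigit() for c in pw):
            return pw

# Constructed sample vault: two entries follow the formula, one is unrelated.
SAMPLE_VAULT = {
    "flyertalk.com": formula_password("fooBARquux", "flyertalk.com"),
    "ba.com": formula_password("fooBARquux", "ba.com"),
    "example.org": "Vq7#tR2m!xLp9wZs",
}

if __name__ == "__main__":
    print(audit_vault(SAMPLE_VAULT))
    print(random_password(symbols=False))
```

Any core that `audit_vault` reports is effectively one password shared by every site listed against it, so those are the entries to replace first with independent values.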
Old Sep 28, 2018, 6:08 am
  #75  
dsf
 
Join Date: May 2006
Location: Godalming, Surrey, UK.
Programs: Nowt of note.
Posts: 1,628
Originally Posted by scubaccr
This is almost equivalent to one password everywhere and an ill-advised technique, since once the bad guys have the password for site #1, the bad guys will easily/quickly spot that site's name as leading/trailing extra letters, and amend to access your accts on other sites
To clarify, I wasn't advocating it. It was in response to a query regarding the feasibility of remembering a large amount of unique passwords. As I mentioned I now use a mixture of iCloud and LastPass, such that the number of places where I know my password - or have even seen it! - is ever diminishing.
dsf is offline  

