BAEC password compromise

Old Oct 25, 18, 10:27 am
  #1  
Original Poster
 
Join Date: Oct 2008
Location: London
Posts: 1,500
BAEC password compromise

My BAEC account password was recently compromised (not from me as I never divulge it) and can see some spam emails quoting my password back to me.

Are BA certain that BAEC account passwords were not compromised during the recent data leaks? I had to speak to someone at BAEC to try and reset my password as the site was playing up when I tried. I mentioned the compromise and asked whether it was linked to the recent data theft, but didn't get a clear answer.
London_traveller is offline  
Old Oct 25, 18, 10:33 am
  #2  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 15,680
Originally Posted by London_traveller View Post
My BAEC account password was recently compromised (not from me as I never divulge it) and can see some spam emails quoting my password back to me.

Are BA certain that BAEC account passwords were not compromised during the recent data leaks? I had to speak to someone at BAEC to try and reset my password as the site was playing up when I tried. I mentioned the compromise and asked whether it was linked to the recent data theft, but didn't get a clear answer.
There was another thread about this recently where a few people said their BA password had been compromised.

Enter the password into the following site, and it will tell you if it's been leaked (it's perfectly safe) :-

https://haveibeenpwned.com/Passwords

Edit : this is the thread :-

And so it begins ó blackmail attempt following BA data theft
DYKWIA is offline  
Old Oct 25, 18, 10:38 am
  #3  
 
Join Date: Apr 2018
Programs: BAEC Gold
Posts: 117
My password was compromised just a few days ago. I only use this particullar password for BA and changed it after the hack a few weeks ago.
Now i hat to change it again. It might be a new issue.
Seraglio is offline  
Old Oct 25, 18, 10:43 am
  #4  
Original Poster
 
Join Date: Oct 2008
Location: London
Posts: 1,500
Thanks for this info - that's the thread I need!
London_traveller is offline  
Old Oct 25, 18, 11:38 am
  #5  
 
Join Date: Dec 2009
Location: Flatland
Programs: AA Lifetime Gold 1MM, BA Gold, UA Peon
Posts: 5,774
Bear in mind the possibility that some device you used to access the account has been compromised and that credentials were stolen there.
plunet and BHD Belle like this.
flatlander is offline  
Old Oct 25, 18, 12:25 pm
  #6  
 
Join Date: Jan 2016
Location: LON
Programs: BAEC, Accor
Posts: 1,983
Yep, we're all quick off the mark to blame the provider for leaking a password and whikst there are a large number of websites need to their game, the balance probability these days is that malware on an end user device has sniffed the password and compromised it more often than it being compromised by the service provider.
plunet is offline  
Old Oct 25, 18, 12:49 pm
  #7  
Ambassador: Emirates Airlines
 
Join Date: Sep 2004
Location: Manchester, UK
Posts: 15,680
Originally Posted by plunet View Post
Yep, we're all quick off the mark to blame the provider for leaking a password and whikst there are a large number of websites need to their game, the balance probability these days is that malware on an end user device has sniffed the password and compromised it more often than it being compromised by the service provider.
BA have proved that they don't take their data responsibilities seriously, so I'd say there's a good chance that they've also leaked passwords - maybe without even knowing it. Look at the thread I linked, and there are a few people there that also have their unique BA passwords compromised. People who use unique passwords tend to be a bit more clued up about being secure in my experience, so less likely to have their data "sniffed".
DYKWIA is offline  
Old Oct 25, 18, 1:45 pm
  #8  
FlyerTalk Evangelist
 
Join Date: Mar 2010
Location: JER
Programs: BA Gold/OWE, several MUCCI, and assorted Pensions!
Posts: 30,313
How many people use 'AlexCruz' as a password?
T8191 is offline  
Old Oct 25, 18, 1:50 pm
  #9  
 
Join Date: Mar 2010
Posts: 935
And this is why Iím happy to renter my passport details each time I make a booking instead of letting BA store them.
PAL62V is offline  
Old Oct 25, 18, 3:32 pm
  #10  
 
Join Date: Apr 2015
Location: Oxford
Programs: Skyteam Elite+, VS Red, HHonours Diamond, Accor Plat
Posts: 607
Tonight BA admitted to a second data breach. The original one compromised data from 21 August to 5 September. Tonight's admission adds in a second period:

Those impacted were people making reward bookings between April 21 and July 28, 2018 and who used a payment card.
It would not surprise me if other vulnerabilities are also lurking in BA's website waiting to be admitted to.
stuart_f is offline  
Old Oct 26, 18, 4:41 am
  #11  
Original Poster
 
Join Date: Oct 2008
Location: London
Posts: 1,500
Originally Posted by plunet View Post
Yep, we're all quick off the mark to blame the provider for leaking a password and whikst there are a large number of websites need to their game, the balance probability these days is that malware on an end user device has sniffed the password and compromised it more often than it being compromised by the service provider.
Well, quite possibly.

The two massive data breaches by BA over recent months are merely a coincidence
London_traveller is offline  
Old Oct 26, 18, 6:05 am
  #12  
 
Join Date: Dec 2009
Location: Flatland
Programs: AA Lifetime Gold 1MM, BA Gold, UA Peon
Posts: 5,774
One still should check one has not stepped in the dog-dirt with one's own shoes before blaming the other party for bringing the stench.
bisonrav likes this.
flatlander is offline  
Old Oct 26, 18, 6:16 am
  #13  
 
Join Date: Jan 2016
Programs: BAEC Silver, Avis Preferred, Hilton Gold
Posts: 519
Originally Posted by T8191 View Post
How many people use 'AlexCruz' as a password?
At least one person does according to haveibeenpwned.com!

Worcester likes this.
mickeyjaw is offline  
Old Oct 26, 18, 6:19 am
  #14  
 
Join Date: Jun 2018
Programs: BAEC
Posts: 10
The sad thing is that I got notification from Amex (BA Amex card) to say that they were monitoring my account and not to worry - before I got any notification from BA.... (both times!)
xlcus is offline  

Thread Tools
Search this Thread
Search Engine: