The password for your "britishairways.com" account has appeared in a data leak...
#1
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
The password for your "britishairways.com" account has appeared in a data leak...
This popped up on my Safari Start Page for me today.
My British Airways password is complex and unique and stored in my 1Password account. I have not yet been able to track down the source of the leak as I don't use my email address as my username and most sites require a search based on the email address.
Has anyone else seen this something similar in the last few days?
I have changed my password.
My British Airways password is complex and unique and stored in my 1Password account. I have not yet been able to track down the source of the leak as I don't use my email address as my username and most sites require a search based on the email address.
Has anyone else seen this something similar in the last few days?
I have changed my password.
#2
FlyerTalk Evangelist
Join Date: Dec 2003
Location: Not here; there!
Programs: AA Lifetime Gold
Posts: 29,574
This popped up on my Safari Start Page for me today.
My British Airways password is complex and unique and stored in my 1Password account. I have not yet been able to track down the source of the leak as I don't use my email address as my username and most sites require a search based on the email address.
Has anyone else seen this something similar in the last few days?
I have changed my password.
My British Airways password is complex and unique and stored in my 1Password account. I have not yet been able to track down the source of the leak as I don't use my email address as my username and most sites require a search based on the email address.
Has anyone else seen this something similar in the last few days?
I have changed my password.
#3
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
I don't think so. It's a security feature in Safari itself. That said, I didn't use their link but went to the real website and changed my password. When I logged in I could see all my account details, Avios and lifetime tier points which were all correct.
#4
Join Date: Nov 2004
Programs: BA GGL, LH FTL
Posts: 3,578
You can check https://haveibeenpwned.com/ to see if your account has been included in data breaches.
If I were you I'd change that password. Even if it is complex, the fact that it showed up in a previous breach makes it less secure.
If I were you I'd change that password. Even if it is complex, the fact that it showed up in a previous breach makes it less secure.
#5
Join Date: Apr 2000
Location: LAX and LHR. UA lifetime Gold 1.9MM 1K , DL Gold Medallion, HHonors Gold, Marriott Gold, Avis President's Club
Posts: 3,592
Posts purporting to come from credit card issuers, banks and others claiming that you need to reconfirm your security details are an almost daily occurrence these days. This Safari example is just another one. The tricksters are now casting their nets wider in the hope that some people will be fooled. Utility companies, local council garden waste, your internet company..... you name it, someone has tried it.
The answer is to ignore and delete them, and certainly never to click on a link in such an email.
The answer is to ignore and delete them, and certainly never to click on a link in such an email.
#6
Join Date: Aug 2017
Programs: BAEC
Posts: 460
9 out of 10 calls to my landline are scams and a much higher proportion of all electronic communication, mostly caught by rules, filters and security software. It’s just how the world is sadly. However I think OP did the right thing - changing the password but not via the ”helpfully” provided link.
#7
Join Date: Jun 2014
Posts: 212
I think that's really weird golfmad - if it's a 1Password generated password then it's going to be properly unique, so this means that there's been a leak of plaintext passwords from BA. They're not necessarily going to have the email stored next to them, but all the details I can find about the known BA data breach are that it included "customer details", nothing about passwords 😕
#8
Join Date: Sep 2020
Programs: BA Bronze :(
Posts: 63
I've just tried to get in this morning and can't get in the BAEC through the main site at all!
Safari does have this built in warning but the UI for could be improved massively by not putting in a suspicious link. Not sure how, maybe by telling you go to keychain and go to the change password page of the website instead of just the link.
As far as I know, the check doesn't align the username with your password, it just looks to see if that password has been in any of its leak sources anywhere, not necessarily against your username. For the security conscious, it doesn't pass/check full plain text passwords, I assume there's some cryptgraphic hashing or similar used. But the best course of action is what you've done and to just change your BA password to a new complex password.
Safari does have this built in warning but the UI for could be improved massively by not putting in a suspicious link. Not sure how, maybe by telling you go to keychain and go to the change password page of the website instead of just the link.
As far as I know, the check doesn't align the username with your password, it just looks to see if that password has been in any of its leak sources anywhere, not necessarily against your username. For the security conscious, it doesn't pass/check full plain text passwords, I assume there's some cryptgraphic hashing or similar used. But the best course of action is what you've done and to just change your BA password to a new complex password.
#10
Ambassador, British Airways Executive Club, easyJet and Ryanair
Join Date: Sep 2011
Location: UK/Las Vegas
Programs: BA Gold (GGL/CCR)
Posts: 15,924
#11
Join Date: Sep 2020
Programs: BA Bronze :(
Posts: 63
#12
Join Date: Jul 2009
Location: E14, LON
Programs: Virtuoso TA; SELECT TA; BAEC Gold; Hilton Honors Diamond; IHG Plantinum Amb
Posts: 238
Yes - exactly the same happened to be this morning
#13
formerly JackDann
Join Date: Oct 2017
Location: Northern Ireland
Posts: 1,657
Got in... but went to search for flights and got this.
"There is currently no access to your account while we upgrade our system. Please visit the information page to find out how this may affect you. We apologise for any inconvenience caused and thank you for your patience."
When I clicked the link to visit the information page I got a "Page not found" error.
"There is currently no access to your account while we upgrade our system. Please visit the information page to find out how this may affect you. We apologise for any inconvenience caused and thank you for your patience."
When I clicked the link to visit the information page I got a "Page not found" error.
#14
Join Date: May 2016
Posts: 1,167
Got in... but went to search for flights and got this.
"There is currently no access to your account while we upgrade our system. Please visit the information page to find out how this may affect you. We apologise for any inconvenience caused and thank you for your patience."
When I clicked the link to visit the information page I got a "Page not found" error.
"There is currently no access to your account while we upgrade our system. Please visit the information page to find out how this may affect you. We apologise for any inconvenience caused and thank you for your patience."
When I clicked the link to visit the information page I got a "Page not found" error.
#15
Moderator: British Airways Executive Club
Original Poster
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,248
You can check https://haveibeenpwned.com/ to see if your account has been included in data breaches.
As I said in post 1 that was the first thing I did.