Air New Zealand reports a cyberattack after discovering that hackers launched a credential-stuffing attack on some of their customer’s accounts, causing them to be unable to access their accounts. The airline’s representative clarified that the incident was not a breach of their security systems but was from some affected customers’ accounts.
The Australian airline firm also explained that the breach only affected some of their customers. There was also no evidence of stolen data or fraudulent transactions based on investigations.
As a part of the firm’s incident response, they locked out all customers’ accounts and advised them to immediately change their login credentials before accessing the Airpoints online portal again.
People using the same account credentials, such as their email address and password, across numerous online accounts are prone to credential stuffing attacks. Those that do not update their passwords regularly or are not using MFA are also commonly victimised by these attacks.
Thus, security experts strongly advised having different passwords for all online accounts, so hackers who attempt to intrude will have a hard time accessing their accounts.
The attack on Air New Zealand transpired only weeks after NZ’s Pinnacle Healthcare reported a ransomware attack on their systems.
Ransomware hackers were able to steal some health information from New Zealand’s Pinnacle Healthcare last October 5, only a few weeks before Air New Zealand became the next victim. The incident analysis shows that only basic personal information was compromised in the Pinnacle attack. However, experts fear that even the simplest form of stolen data could still be used for grave cyberattacks.
This year’s uptick in online cybercrime trends must remind all businesses to enhance their security protocols.
Today’s rapid inflation could also contribute to the rising attacks from cybercriminals. According to a separate researcher, as interest rates increased, so did the volumes of financial data being shared on businesses and online platforms, opening up a way for hackers to take advantage and victimise people.
People, however, could avoid being a target by being more vigilant against threats of cyberattacks. It is recommended not to entertain messages, calls, or emails from unknown sources and report them immediately to authorities who could take proper action.
