Millions of air miles stolen in Air India hack
Fri 24 Jun 2016
Air India’s Flying Returns program, which maintains accounts for frequent flyers on India’s national airline has been hacked. At least 20 accounts were compromised and frequent flyer miles were stolen, with an estimated cash value of US $24,000.
In the hack, 20 false email accounts were used to access user accounts and transfer miles. Praveen Lal, commercial manager for Air India, outlined the steps taken to minimize the company’s vulnerabilities as a result of the hack. “All the affected membership accounts have been suspended so that no further activity can take place from these accounts. The affected user IDs have been deactivated along with user IDs that have identical user names and passwords. Also, all such user IDs that have not been active for the past three months have been deactivated.”
Police sources revealed that the hackers used an invalid ID proof, which was then associated with a fake email account, and that each transaction was approved using the same signature. As a result, they suspect either a travel agent or airline employee familiar with the company’s procedures worked with the hackers to help subvert the process of registering for the frequent flyer program in order to create false accounts and divert the miles to the hackers’ accounts.
A senior police officer said, “Apart from the computer hacker, we suspect the role of a present or a former employee who may be aware of the intricacies and loopholes in the system. We have asked the airline to supply us a list of employees who have quit the company recently.”
Researchers at Kaspersky Labs warned back in 2011 that frequent flyer miles were being targeted for use as a form of currency among hackers. A similar hack in December 2015 affected American and United Airlines frequent flyer accounts with over three dozen trips booked using stolen frequent flyer miles. And in April 2016, a computer programmer from Miami was accused of siphoning travel miles from the American Airlines Advantage program and redeeming them for more than $250,000 worth of travel and rewards.