
British Airways data breach hackers identified

The attackers behind a data breach that left the details of thousands of British Airways customers exposed have been identified by security researchers.

RiskIQ has named the Magecart hacking group as the suspected perpetrators behind last week's attack, which saw more than 300,000 accounts compromised.

The group was able to obtain the names, street and email addresses, credit card numbers, expiry dates and security codes of the airline's customers, which could potentially have allowed them to steal from user accounts.

Magecart first hit the headlines back in June when it was identified as being behind an attack on ticket sales site Ticketmaster.

RiskIQ said that the BA attack bore several trademarks of the group, as it was web-based and targeted credit card data.

However, there was one key difference from the Ticketmaster attack: Magecart directly targeted the British Airways site, rather than a third-party service as it had done previously, showing that the group planned its attack around BA's unique site structure and functionality.

Magecart was also apparently highly aware of the way the British Airways mobile app was built, and took advantage of the fact that it used much of the same functionality as the website and could therefore be hijacked in the same way.

"This attack is a highly targeted approach compared to what we've seen in the past with the Magecart skimmer," said Yonathan Klijnsma, head researcher at RiskIQ. "This skimmer is attuned to how British Airways' payment page is set up, which tells us that the attackers carefully considered how to target this site in particular."