Malicious script found injected into the British Airways website

Tuesday 11 September 2018 10:46 CET | News

RiskIQ, a cyber-security company, has found a malicious script injected into the British Airways website, which could be the cause of a recent data breach, according to BBC.

Around 380,000 card payments have been compromised for British Airways customers who booked online between August 21 and September 5, 2018. A RiskIQ researcher claims to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.

The researcher said the malicious script consisted of just 22 lines of code, BBC continues. It worked by taking data from BA’s online payment form and then sending it to the hackers’ server once a customer hit the “submit” button. The cyber-security company added that the attackers had been able to gather data from mobile app users because the same script was found loaded into the app on a page describing government taxes and carrier charges.

Overall, hacks like this make use of an increasingly common phenomenon, in which large websites embed multiple pieces of code from other sources or third party suppliers

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: RiskIQ, data breach, British Airways, malicious script, UK
Countries: World

Industry Events