Month: September 2022

American Airlines has recently suffered a data breach. Threat actors compromised a limited number of employee Microsoft 365 email accounts, and as a result gained access to sensitive customer and employee personal information. The information included names, email addresses, passport numbers, date of birth, driver’s license numbers, mailing addresses, phone numbers, and certain medical information.

The company filed a data breach notification letter with Montana’s State Attorney General’s Office on September 16, 2022, disclosing that the breach was discovered in July, approximately two months earlier. The notification reads: “In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members. Upon discovery of the incident, we
secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident. Our investigation determined that certain personal information was in the email accounts. We conducted a full eDiscovery exercise and determined some of your personal information may have been contained in the accessed email accounts. We have no evidence to suggest that your personal information was misused.”

The company did not disclose how many customers were impacted by the data breach.

American Airlines employs about 123,000 employees, and makes about 6,800 daily flights to 350 destinations in over 50 countries. It is the world’s largest airline when measured by fleet size, scheduled passengers carried, and revenue per passenger mile.

Read more about it here.

InterContinental Hotels Group PLC (IHG) disclosed on September 9, 2022 that has been breached. Parts of its technology systems have been subject to unauthorized activity. The attack significantly disrupted IHG’s booking channels and other applications, which implies that the company may have been subject to ransomware attack. The attack impacted also third-party sites, such as Expedia and Booking.com.

IHG operates 17 brands, including Regents, InterContinental, Crowne Plaza and Holiday Inn.

Read more about it here.

The hacking group AgainstTheWest recently published a post on the Breach Forums message board, claiming to have hacked TikTok and stolen source code and user data. The group published screenshots of an alleged stolen data, it claims to have had access to an Alibaba cloud instance containing data for both TikTok and WeChat users. The group claims to hold 2.05 billion records in a massive 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.

TikTok has told Bleeping Computer that the claims of the company being hacked are false: “This is an incorrect claim — our security team investigated this statement and determined that the code in question is completely unrelated to TikTok’s backend source code, which has never been merged with WeChat data.” TikTok further said: “We have confirmed that the data samples in question are all publicly accessible and are not due to any compromise of TikTok systems, networks, or databases. We do not believe users need to take any proactive actions, and we remain committed to the safety and security of our global community.”

Popular data breach hunter Bob Diachenko and his team analyzed the publicly exposed data and confirmed its authenticity, and noted that the data’s source was Hangzhou Julun Network Technology Co., Ltd and not TikTok.

Troy Hunt, a regional director at Microsoft and the creator of the Have I Been Pwned tool, called the hackers’ data “inconclusive,” but added that “it could be non-production or test data” that likely wasn’t taken through a data breach.

This is so far pretty inconclusive; some data matches production info, albeit publicly accessible info. Some data is junk, but it could be non-production or test data. It's a bit of a mixed bag so far.

— Troy Hunt (@troyhunt) September 5, 2022

Read more about it here.