Around 380,000 card payments have been compromised for British Airways customers who booked online between August 21 and September 5, 2018. A RiskIQ researcher claims to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.
The researcher said the malicious script consisted of just 22 lines of code, BBC continues. It worked by taking data from BA’s online payment form and then sending it to the hackers’ server once a customer hit the “submit” button. The cyber-security company added that the attackers had been able to gather data from mobile app users because the same script was found loaded into the app on a page describing government taxes and carrier charges.
Overall, hacks like this make use of an increasingly common phenomenon, in which large websites embed multiple pieces of code from other sources or third party suppliers
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now