India’s national airline – Air India has been the target of a sweeping hacking campaign that exploited members of the airline’s frequent-flyer program to make away with air miles.
Air India’s ‘Flying Returns’ program which has nearly 2 million user accounts has been targeted in an orchestrated hacking campaign which saw dozens of accounts compromised.
Initial estimates reveal at least 20 compromised accounts, the Times of India reported. Tasked with the investigation, police believe that the attack was instigated by an insider with knowledge of the working of the airline’s internal systems.
Speaking to the publication, Air India commercial manager Praveen Lal stated:
All the affected membership accounts have been suspended so that no further activity can take place from these accounts. The affected user IDs have been deactivated along with user IDs that have identical user names and passwords.
Also, all such user IDs that have not been active for the past three months have been deactivated.
Senior officials from the investigation have confirmed that the instigators of the hack created 20 email IDs in order to siphon away the reward points earned by passengers. Altogether, air miles worth Rs. 1.7 million (approx USD $24,000).
The investigation so far has turned up the discovery of an IP address from a suspect’s computer. That, is the only lead available to the cops leading the investigation. Predictably, investigators are looking into KYC (know your customer) details to ascertain the identity of the suspect from the ISP (internet service provider) behind the IP.
“Apart from the computer hacker, we suspect the role of a present or a former employee who may be aware of the intricacies and loopholes in the system,” a senior police official who is leading the investigation stated.
A “virtual and physical manhunt” is underway to find the perpetrators behind the air miles hack.
Featured image from Shutterstock.