Palo Alto & F5 big-IP firewall vulnerabilities exploited in Easyjet airlines hack; 9 million clients’ data leaked

Easyjet, a British airline, has reported a hacking incident in its systems, resulting in the exposure of data from more than 9 million users, including the theft of bank card information from more than 2,000 customers, cloud computing security specialists report.

According to the company’s report, an unidentified hacker group managed to access its systems to extract about 9 million email addresses and travel logs. Although Easyjet notes that most of the payment information made by its customers is safe, the company also admitted that 2,208 payment card records were stolen, including card numbers, expiration dates and three-digit security keys.

Although the incident has just been revealed, cloud computing security experts mention that the company has received multiple questions about some reports received via email. Some of these tweets include screenshots of what appears to be an easyjet email explaining that “the names, the flight destination, email address, among other user details, were compromised in early 2020”.

The notification included some recommendations for users concerned about the security of their information, such as resetting their passwords to access Easyjet and other online platforms that used the same email address. The airline also recommended users verify their statements and notify banks of any anomalous movements.

Cloud computing security experts sent a request for information to Easyjet, which responded shortly thereafter: “We took the necessary steps to contain the incident as soon as it was detected. We have the support of forensic specialists to solve the problem, as well as the National Cybersecurity Center and the Information Commissioner’s Office was notified.”

In this regard, Jake Moore, a cybersecurity specialist at ESET, believes that affected users should take this incident seriously: “There is a lot of money involved, so it is best to take the necessary measures as soon as possible. Postponing this kind of business only benefits criminals,” the investigator says.

This is just one of multiple problems for Easyjet. On April 16, the company announced the complete closure of its operations indefinitely due to the coronavirus outbreak. For further reports on vulnerabilities, exploits, malware variants and computer security risks you can access the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.