Delta Air Locks Thousands of Frequent Flyer Accounts Amid Fears of Major Cyberattack
- Delta Air Lines has reportedly locked access to as many as 68,000 SkyMiles frequent flyer accounts amidst concerns of suspicious cyber activity. The news comes just days after IT experts put the US airline industry on high alert for a potential cyberattack.
Delta Air Lines may have fallen victim to a sophisticated cyberattack after it emerged that the Atlanta-based carrier has locked some frequent flyer accounts over security concerns.
According to several members of Delta’s SkyMiles loyalty program, they only discovered there was an issue when they went to log in to their accounts and realized they were locked out.
When they contacted Delta by phone to work out what was going on, the agents reportedly told them there had been a potential IT security breach. It is not known how many frequent flyer attacks have been locked or whether Delta was able to restrict access before it was too late.
A spokesperson, however, declined to comment on reports that 68,000 accounts had been locked. The company noted that SkyMiles accounts were secure and that it occasionally asks customers to reset their credentials.
The news comes just two days after Sam Rubin, SVP of Threat Intelligence at cybersecurity firm Unit 42, put the aviation industry on high alert over a concerted campaign by the Scattered Spider hacking group to target North American airlines.
Rather than using reams of code to break into computer systems, Scattered Spider is more likely to use ‘social engineering’ to gain access to restricted databases from which they can steal sensitive information and shut down operations.
The loosely affiliated group of hackers is believed to have been behind the April cyberattack on upmarket British grocer Marks & Spencer, which took down the supermarket giant’s contactless payment system and online ordering, while affecting stock for weeks.
Hackers used social engineering during a call to the company’s IT helpdesk, successfully convincing an unwitting agent to give them access to an employee’s login details.
Also going by the name Muddled Libra, the group “stands at the intersection of devious social engineering and nimble technology adaptation,” Unit 42 warned last month.
“They continue to use social engineering as their primary modus operandi, targeting a company’s IT help support desk,” Unit 42 explained in a threat assessment document.
“Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry,” Rubin added in a post on LinkedIn. “Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA [multi-factor authentication] reset requests.”
In recent weeks, both Hawaiian Airlines and Canada’s Westjet have been the victims of cyberattacks.
In April, the union that represents flight attendants at United Airlines warned its members that cybercriminals were attempting to target the airline to steal their paychecks or social security benefits.
In this case, the ploy involves creating fake websites that look like a genuine login page for United Airlines staff. If a staff member accidentally clicks on this page from a Google search, the criminals record the login details and then attempt to use them on the genuine website.
United Airlines has MFA activated for its internal website and computer systems, but staff have fallen prey to hackers by inadvertently approving a login request.
Last month, Florida-based charter airline Global X, which is also known as ICE Air because of its contract with Immigration and Customs Enforcement for deportations, was hacked by the Anonymous cyber group.
During the attack, Anonymous posted a message on the official Global X website, criticizing the airline over its role in immigration removals from the United States. The group also claimed to have stolen passenger manifests of deportees.
