BA Executive Club security breach
Back to Forum- This topic has 76 replies, 18 voices, and was last updated 18 Apr 2015
at 13:09 by Swissdiver.
-
- Author
- Posts
- Skip to last reply Create Topic
-
Tony-UKParticipantHow would that work? I suggest you look at the app and you will realise that this is not possible (https://agilebits.com/onepassword). Someone would have had to get hold of a master password and I am confident that this has not happened.
8 Apr 2015
at 07:18
Tony-UKParticipantSwissdiver, I think that there are issues with the BA mail server. I have experienced this before when requesting copies of receipts, the email either does not arrive or arrives several hours later. It would appear that the issue with customers being unable to reset their password is not impacting everyone.
With all the issues that I have experienced with the BA web site in recent years (including the issue with apostrophes and hyphenation in surnames that impacted many users, including myself in December/January) I do not have much confidence in the BA IT department. BA have been upgrading the systems behind the web site in recent months and my view is that upgrades are not being robustly tested before release. I would not be surprised if a vulnerability was introduced during the upgrade process (though BA would never admit it and we are never likely to find out).
8 Apr 2015
at 07:28
Charles-PParticipantTony – I would NEVER use a product like 1Password to protect my data so I have no idea of any vulnerabilities it may or may not have. I am however intrigued at the faith you put into a product that is downloadable from the web, with whom you have no contractual agreement and not in the IT department of BA.
8 Apr 2015
at 07:34
Tony-UKParticipantWell Charles, I guess it is all about risk and what level you are prepared to take, and also some understanding of encryption technologies. Do we have a full understanding of the vulnerabilities in all the products we use?? The Heartbleed vulnerability is an example of technology that WE ALL (unless you do not use the Internet!) use and took for granted…
Whatever you do (or product you use) will undoubtedly have associated risk/vulnerabilities (including the decision to take a flight). 1Password is an established product with excellent reviews from security experts and I have not experienced vulnerabilities. This is no guarantee, but the benefits outway the risk for me. As for the BA IT department, I have experienced several issues with the BA web site in recent years and I also do not have a contractual agreement with them.
8 Apr 2015
at 07:52
Charles-PParticipantTony, I agree it’s all about risk assessment and I make no claims in understanding encryption technology. I spend my time working in the defence sector where the demands of information protection are so mvery much higher than in the commercial sector but as we saw with the traitor Snowden the human factor can never be fully accounted for. By the way you do have a commercial relationship with the BT IT department, it comes into place every time you buy a ticket.
8 Apr 2015
at 08:40
mkcol74Participant@Tony-UK OT however I’m concerned about your hyphenation of surnames issue, simply because my passport is in my former name (one name) & will soon be changing it to my current version (double barrelled). My EC a/c is still in my old name to match my passport. Does BA struggle with a hyphen? How do they deal with it – 2 separate names, or squish them together into one big long surname?!
I’d be interested to hear so I can at least be prepared!8 Apr 2015
at 09:46
Tony-UKParticipantWell, when the bug came in I could not book flights and there were other issues on their web site. I have an apostrophe in my name and the solution was to remove it i.e. BA can not handle apostrophes and my name is misspelled on the BA web site. This was BAs solution to the issue and I saw no point discussing further with them, but bizarre that a modern IT system can not deal with apostrophes. I do not know how they resolved double-barrelled names, but you may wish to call BA and ask them (ask to speak to BA Exec club as they will be aware of the issue).
8 Apr 2015
at 09:53
openflyParticipantI, annoyingly, was blessed with a hyphen!! Airlines don’t recognise them and my name becomes a non-existent entity. So, with all the passport, security and immigration checks, I travel with a name that does not correspond with my official passport name. It’s all a farce!
8 Apr 2015
at 09:59
Tony-UKParticipantI can live with the fact that my surname associated with a booking reference does not have an apostrophe as I think the global (and archaic) booking systems can not handle apostrophes and hyphens, however, it should not be beyond airlines to manage apostrophes on their web site i.e. the customer interface. This can cause problems sometimes when the letter before the apostrophe is removed completely e.g. if your surname is d’smith and you had a booking reference GB1234, then if you went to CheckMyTrip you would only find the booking by entering dsmith as your last name. I have used airlines that make the booking with just the name after the apostrophe e.g. smith and treat the ‘d’ as an initial. It is all unsatisfactory and agree it is farce that your name does not correspond with the official name in your passport. Airlines make a fuss and charge for genuine misspellings yet are prepared to accept this…
8 Apr 2015
at 10:08
MartynSinclairParticipanton IT security, we had a very lively discussion a few years ago about Cloud servers.. at the time, someone was trying to convince us about a third party cloud server provider, which failed, losing all their client subscribers data, was now indeed safe.
My IT security is pretty straight forward.
Computer is encrypted with password needed to turn on the hard drive. Thereby safeguarding all data.
Passwords are kept on an excel spread sheet
Hard Drive password can not change without IT help, but secondary password is changed every 3 weeks and is the same password with sequential numbering…
Back up’s – through company server and encrypted, password protected hard drive when travelling.
My company policy, would never entrust a list of passwords or any client data, to be kept by any third party service / software provider.. on unknown servers…. that’s why firms have their own servers and IT policy….
8 Apr 2015
at 15:08
Tony-UKParticipantBoth my wife and have received a standard email re. the issue with resetting passwords, has anyone else received this?
Thank you for letting us know about the difficulties you’re experiencing trying to reset your password and log in to your Executive Club account.
It should be fast and easy to do this online, so I’m very sorry it’s not worked like this for you. It is unusual for this to happen and thankfully the majority of our Members don’t have any problems. I appreciate this is little consolation for the frustration you have experienced.
I’m afraid I haven’t been able to fix this for you at the moment, and I’ve reported the problem to our systems team who have started working on a solution to correct this.
I’ll contact you again as soon as we have an update from them, but you’re welcome to keep trying in the meantime.
Please accept our apologies for any inconvenience this may cause, and thank you for your patience. If we can help with anything else please get in touch and we will be happy to help.
8 Apr 2015
at 15:38
Carajillo2SugarParticipantAs far as I am aware, airline (and by extension) travel-agency reservations systems have never been able to cope with hyphenated names so, whether it’s a surname or a first name, they just get squished together as one word (with a slash / to separate your surname/forename).
It’s important to remember that your ticket name should always match your passport name.
8 Apr 2015
at 18:48 -
AuthorPosts