British cybersecurity experts have warned British Airways that some of the links in check-in emails can publish a passenger’s surname and booking information. A travel guide named, Sun Online Travel has verified that there was a case in a recent booking where a link from “Manage my Booking” email included the surname and booking number of the traveler. The experts have said that the link could be sent by the hackers to expose the traveler’s details for a scam.
According to the cyber experts, “Once the vulnerable check-in link is accessed by the passenger, a hacker can easily intercept the credentials that allow access to the e-ticketing system, which contains all of the personally identifiable information (PII) associated with the airline booking.”
The link sent through check-in email was not encrypted and it could be easily accessed by another user if both the users share the same wifi network like a public hotspot. If someone is using a closed home network, then the link can not be accessed by another user. The scammers can steal some potential information of the travelers such as email addresses, phone numbers, and other private details. It is better to pursue email verification before hovering or clicking on such a link.
The similar problem was also seen in February with other airlines including Thomas Cook, Air France, and Vueling. These airlines advised travel agencies and agents to make changes to keep the passengers’ details secure.